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Govern merit of India 

Ministry of Health and Family Welfare 

Department of Health and Family Welfare 

Nirman Bhawan, New Delhi-110108 


CIRCULAR 

Government of India intends to introduce a uniform system for 
maintenance of Electronic Medical Records / Electronic Health 
Records (EMR / EHR) by the Hospitals and healthcare providers in 
the country. An Expert Committee was set up to develop EMR / EHR 
Standards for adoption /implementation in the country. Draft 
EMR/EHR Standards were hosted on the website of the Ministry 
soliciting comments from the stakeholders and general public. After 
due consideration of the recommendations of the Committee and 
the comments received thereon, the ‘ Electronic Health Record 
Standards for India’ have been finalised and approved by the 
Ministry of Health and Family Welfare, Government of India. 

A copy of the above document is placed herewith for 
information of all healthcare providers, medical professionals and 
other stakeholders for adoption and implementation in the 
healthcare institutions across the country in public interest. 


******* 
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1. EXECUTIVE SUMMARY 

Healthcare systems are highly complex, fragmented and use multiple information technology systems. 
With vendors incorporating different standards for similar or same systems, it is little wonder that all¬ 
round inefficiency, waste and errors in healthcare information and delivery management are all too 
commonplace an occurrence. Consequently, a patient's health information often gets trapped in silos of 
legacy systems, unable to be shared with members of the healthcare community. These are some of the 
several motivations driving an effort to encourage standardization, integration and electronic 
information exchange amongst the various healthcare providers. 

The study termed as Developmental Origins of Health and Diseases or DOHAD has successfully proven 
the importance of developmental records of individuals in predicting and/or explaining the diseases that 
a person is suffering from. In the current largely paper-based health records world, invaluable data is 
more often than not unavailable at the right time in the hands of the clinical care providers to permit 
better care. This is largely due to the inefficiencies inherent in the paper-based system. In an electronic 
world, it is very much possible, provided certain important steps are taken beforehand, to ensure the 
availability of the right information at the right time. 

In order to be meaningful, the health record of an individual needs to be from conception (better) or 
birth (at the very least). As one progresses through one's life, every record of every clinical encounter 
represents an event in one's life. Each of these records may be insignificant or significant depending on 
the current problems that the person suffers from. Thus, it becomes imperative that these records be 
arranged chronologically to provide a summary of the various clinical events in the lifetime of a person. 

Electronic health records are a summary of the various electronic medical records that get generated 
during any clinical encounter. Without standards, a lifelong summary is not possible as different records 
from different sources spread across ~80+ years will potentially need to be brought into one summary. 
To achieve this, a set of pre-defined standards for information exchange that includes images, clinical 
codes and a minimum data set is imperative. 

The health data is owned by the patient while the actual records are owned by the care providers who 
act as the custodians of the data. For creation of a true electronic health record of an individual it is 
imperative that all clinical records created by the various care providers that a person visits during 
his/her lifetime be stored in a central clinical data repository or at least be shareable through the use of 
interoperable standards. Adequate safeguards to ensure data privacy and security must strictly be 
adhered to at all times. Patients must have the privilege to verify the accuracy of their health data and 
gain access whenever they wish to do so. 

While any vendor may choose to have any additionally relevant information captured and presented, all 
must conform to the MDS. A short reference section and a detailed section of acronyms, definitions and 
glossary are added for everyone's benefit. 

It must be noted that these standards must not be considered either in isolation or being 
"etched in stone for all eternity". These will undergo periodic (at a maximum of 24 month 
interval) review and update as necessary. This standards document is a " living document". 
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2. INTEROPERABILITY AND STANDARDS 

The recommendations outlined in this section are an incremental approach to adopting standards, 
implementation specifications, and criteria to enhance the interoperability, functionality, utility, and 
security of health information technology and to support its widespread adoption. It is to be kept in 
mind that these standards should be flexible and modifiable to adapt to the demographic and resource 
variance observed in a large and developing country like India. 

It is important to recognize that interoperability and standardization can occur at many different levels. 
To achieve interoperability, information models would need to be harmonized into a consistent 
representation. 

In other cases, organizations may use the same information model, but use different vocabularies or 
code sets (for example, Systematized Nomenclature of Medicine Clinical Terms (SNOMED CT®) or ICD10- 
CM within those information models. To achieve interoperability at this level, standardizing 
vocabularies, or mapping between different vocabularies (using tools like Unified Medical Language 
System (UMLS)) may be necessary. For some levels, (such as the network transport protocol), an 
industry standard that is widely used (e.g. TCP/IP - TransmissionControl Protocol and Internet Protocol) 
will likely be the most appropriate. Ultimately, to achieve semantic interoperability, it is anticipated that 
multiple layers - network transportation protocols, data and services descriptions, information models, 
and vocabularies and code sets - will need to be standardized and/or harmonized to produce an 
inclusive, consistent representation of the interoperability requirements. 

It is further anticipated that using a harmonization process will integrate different representations of 
health care information into a consistent representation and maintain and update that consistent 
representation over time. For an information model, this process could include merging related 
concepts, adding new concepts, and mapping concepts from one representation of health care 
information to another. Similar processes to support standardization of data and services descriptions 
and vocabularies and codes sets may also be needed. 

It is also recognized that a sustainable and incremental approach to the adoption of standards will 
require processes for harmonizing both current and future standards. This will allow the incremental 
updating of the initial set of standards, implementation specifications, and certification criteria and 
provide a framework to maintain them. The decision to adopt such updates will be informed and guided 
by recommendations from an appropriate authority akin to a National Health Information Authority. 

Goals 

• Promote interoperability and where necessary be specific about certain content exchange and 
vocabulary standards to establish a path forward toward semantic interoperability 

• Support the evolution and timely maintenance of adopted standards 

• Promote technical innovation using adopted standards 

• Encourage participation and adoption by all vendors and stakeholders 

• Keep implementation costs as low as reasonably possible 

• Consider best practices, experiences, policies and frameworks 

• To the extent possible, adopt standards that are modular and not interdependent. 
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Categories for adoption of standards 
Vocabulary Standards 

(i.e., standardized nomenclatures and code sets used to describe clinical problems and procedures, 
medications, and allergies) 

This is to be achieved through the extensive use of Controlled Medical Vocabularies (CMV) that is 
detailed as follows: 

a) Logical Observation Identifiers Names and Codes (LOINC®): A universal code system for identifying 
laboratory and clinical observations. From serum levels of hepatitis B surface antigen to diastolic 
blood pressure, LOINC has standardized terms for all kinds of observations and measurements that 
enable exchange and aggregation of electronic health data from many independent systems. It was 
developed to provide a definitive standard for identifying clinical information in electronic reports. 
The LOINC database provides a set of universal names and ID codes for identifying laboratory and 
clinical test results in the context of existing HL7, ASTM E1238, and CEN TC251 observation report 
messages. One of the main goals of LOINC is to facilitate the exchange and pooling of results for 
clinical care, outcomes management, and research. LOINC codes are intended to identify the test 
result or clinical observation. Other fields in the message can transmit the identity of the source 
laboratory and special details about the sample. It has since been reported that the Regenstrief 
Institute Inc. and the International Health Terminology Standards Development Organisation 
(IHTSDO) have signed a long-term agreement to begin cooperative work linking their leading global 
health care terminologies: Logical Observation Identifiers Names and Codes, or LOINC, and SNOMED 
Clinical Terms. 

b) International Classification of Diseases (ICD10): The ICD is the international standard diagnostic 
classification for all general epidemiological, many health management purposes and clinical use. 

c) Systematized Nomenclature of Medicine-Clinical Terms (SNOMED-CT): is a comprehensive clinical 
terminology, originally created by the College of American Pathologists (CAP) and owned, 
maintained, and distributed by the International Health Terminology Standards Development 
Organization (IHTSDO), a non-for-profit association in Denmark. 

d) Current Procedural Terminology, 4th Edition (CPT 4): The CPT-4 is a uniform coding system 
consisting of descriptive terms and identifying codes that are used primarily to identify medical 
services and procedures furnished by physicians and other health care professionals. 

e) ATC - Anatomic Therapeutic Chemical Classification of Drugs: is used for the classification of drugs. 
It is controlled by the WHO Collaborating Centre for Drug Statistics Methodology (WHOCC), and was 
first published in 1976. This pharmaceutical coding system divides drugs into different groups 
according to the organ or system on which they act and/or their therapeutic and chemical 
characteristics. Each bottom-level ATC code stands for a pharmaceutically used substance in a single 
indication (or use). This means that one drug can have more than one code: acetylsalicylic acid 
(aspirin), for example, has A01AD05 as a drug for local oral treatment, B01AC06 as a platelet 
inhibitor, and N02BA01 as an analgesic and antipyretic. On the other hand, several different brands 
share the same code if they have the same active substance and indications. 

Content Exchange Standards 

(i.e., standards used to share clinical information such as clinical summaries, prescriptions, and 
structured electronic documents) 

a) Health Level Seven (HL7) Clinical Document Architecture: is an XML-based mark-up standard 
intended to specify the encoding, structure and semantics of clinical documents for exchange. CDA 
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is being used also in electronic health records projects to provide a standard format for entry, 
retrieval and storage of health information 

b) HL7 2.5.1: defines a series of electronic messages to support administrative, logistical, financial as 
well as clinical processes and mostly uses a textual, non-XML encoding syntax based on delimiters. 
HL7 v2.x has allowed for the interoperability between electronic Patient Administration Systems 
(PAS), Electronic Practice Management (EPM) systems, Laboratory Information Systems (LIS), 
Dietary, Pharmacy and Billing systems as well as Electronic Medical Record (EMR) or Electronic 
Health Record (EHR) systems 

c) Continuity of Care Record (CCR) is a health record standard specification developed jointly by ASTM 
International, the Massachusetts Medical Society (MMS), the Healthcare Information and 
Management Systems Society (HIMSS), the American Academy of Family Physicians (AAFP), the 
American Academy of Pediatrics (AAP), and other health informatics vendors. It is a core data set of 
the most relevant administrative, demographic, and clinical information facts about a patient's 
healthcare, covering one or more healthcare encounters. It provides a means for one healthcare 
practitioner, system, or setting to aggregate all of the pertinent data about a patient and forward it 
to another practitioner, system, or setting to support the continuity of care. The primary use case 
for the CCR is to provide a snapshot in time containing the pertinent clinical, demographic, and 
administrative data for a specific patient. To ensure interchange ability of electronic CCRs, this 
specification specifies XML coding that is required when the CCR is created in a structured electronic 
format. Conditions of security and privacy for a CCR instance must be established in a way that 
allows only properly authenticated and authorized access to the CCR document instance or its 
elements. The CCR consists of three core components: the CCR Header, the CCR Body, and the CCR 
Footer. 

d) Digital Imaging and Communications in Medicine (DICOM): The DICOM Standards Committee exists 
to create and maintain international standards for communication of biomedical diagnostic and 
therapeutic information in disciplines that use digital images and associated data. The goals of 
DICOM are to achieve compatibility and to improve workflow efficiency between imaging systems 
and other information systems in healthcare environments worldwide. DICOM currently defines an 
upper layer protocol (ULP) that is used over TCP/IP (independent of the physical network), 
messages, services, information objects and an association negotiation mechanism. These 
definitions ensure that any two implementations of a compatible set of services and information 
objects can effectively communicate. 

Clinical Standards 

Clinical standards are health information standards to capture a patient's health information in a more 
coherent manner. This health information can include all or part thereof as relevant of the following: 

• The illness a patient is suffering from 

• The physician's observation of the patient's illness 

• The diagnostic tests that need to be carried out to ascertain the patient's illness and to give the 
patient better treatment 

• The results of the diagnostic tests 

• The kind of treatment to be given to the patient 

• The way the treatment should be given to the patient 
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RECOMMENDED HEALTHCARE IT STANDARDS (FOR INDIA) 


Name 

Class 

Comments 

Phase 1 



UHID 

Unique Health Identifier - to 
act as Patient Identifier 

UID as a unique (primary or 

secondary) patient identifier. The 
UID should be used to identify a 
particular patient across all 

organizations (and their EMR 

systems); Aadhar number is 

recommended for use in EMR as 
either the primary or secondary, 
where the primary is an internal 
unique health identifier used by the 
healthcare provider organisation. 

CCD (HL7/ASTM) 

Clinical Data for Inter 

Department documents (the 
CDA CCD) 

Likely to be used for exchanging the 
clinical documentation between two 

EHR solutions both within an 
organisation and outside 

ATC Pharmacologic- 
Therapeutic Classification 

Indian Drugs - Ml MS/C IMS 
from CMPmedica 

Medicines 

Needs to be researched as there is 
no universal drug reference 
database. The WHO Drug Dictionary 
ATC - anatomic therapeutic 
classification - may be a good choice 
to begin with 

LOINC 

Clinical Laboratory 

Observations 

Published and maintained by the 
Regenstrief Institute, USA, this is a 
universally accepted code for 
laboratory observations 

HL7 V2.x 

Messaging 

V2.3 or above 

HL7 V3.0 RIM 

Reference Information Model 

Intermediate recommendation; to 
be replaced with HL7 FHIR when it is 
accepted by BIS/HL7-lndia 

DICOM PS3.0 

Medical Images 

Revision 2004 

ISO 18308 

Reference EHR Requirements 
Specification 

The latest version 

CEN/TC 251 EN 13606 

Reference Model & Archetypes 

The latest version 

SNOMED-CT 

Clinical Terminology 

Provide comprehensive clinical 
granularity, used to capture problem 
list, allergies, diagnosis, procedures 
etc. - will immensely aid in clinical 
analytics, clinical decision support 
systems, automated clinical care 
pathway management systems, 
support evidence based practice, 
etc. 
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WHO ICD 10 

Disease classification 

WHO is actively working with 
IHTSDO to converge SNOMED-CT 
with ICD 

WHO-PCS 

Procedure coding system 


WHO-ICF 

International classification of 
functioning, disability & health 


Phase 2 



DSM 

Psychiatric conditions 

Diagnostic & statistical manual of 
mental disorders 

NIC/NOC/NANDA 

Nursing interventions 

classification 

This is optional 

CDT 2, US 

Dental Procedures 

This is optional 

ICTM 

International Classification of 

Traditional Medicine 

Ayurveda, Yoga, Unani, Siddha, 
Homeopathy systems of medicine as 
distinct from the allopathic 
(Western) system of medicine 

Table 1: HCIT Standards (app 

licable in India) 


For all recommended standards, the most recent release of the standard by BIS (or source body where 
BIS has not specified) as on date of enforcement of these recommendation are to be used unless 
specifically mentioned here. 

Related Issues 

• Unique Identification 

• Interoperability / Sharing 

• Integrated systems require consistent use of standards in e.g. medical terminologies and high 
quality data to support information sharing across wide networks 

• Ethical, legal and technical issues linked to the accuracy, security confidentiality and access rights. 

• Common record architectures, structures 

• Clinical information standards and communications protocols 

International Standards Organization and Bureau of Indian Standards 

India is a voting member of ISO's Technical Committee 215 for Health Informatics. As such, the country 
is duty-bound to adopt and enforce all adopted standards that she had voted in favour. 

The following list of such ISO standards and technical specifications that will need to be referred to 
when designing EHR Systems for India. Needless to say, this list is very dynamic as older standards get 
subsequently replaced by newer ones. 

Consequently, it is advisable to refer to BIS website to source documents pertaining to Health 
Informatics Sectional Committee - MHD 17 for the latest standards currently in force. 

These documents must be seen to be as additional reference materials. Thus, wherever additional 
information is required for proper designing of an EHR/EMR System, these documents may be used for 
reference purposes to derive additional guidelines. 
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Please note: 

• Wherever the provisions of the EHR Standards are in conflict with any other, these EHR Standards 
will always prevail. 

• The following list is indicative and representive and not comprehensive and definitive. 

Standards (the latest version) that are to additionally be incorporated : 


S. No. 

Doc No 

Description 

1 

ISO 21090: 2011 

Flarmonized data types for information interchange 

2 

ISO 12967: 2009 

Health Informatics Service Architecture (Parts 1 - 3) 

3 

ISO TS 22220: 

2011 

Identification of subjects of health care 

4 

ISO TS 27527: 

2010 

Provider identification 

5 

ISO TS 14265 

Classification of purposes for processing personal health information 

6 

ISO 13940 

System of concepts to support continuity of care 

7 

ISO 13972 

Detailed Clinical Models 

8 

ISO 20301:2006 

Health informatics-Flealth Cards-General Characteristics 

9 

ISO DIS 22857 

Health informatics - Guidelines on data protection to facilitate trans- 
border flows of personal health data 

10 

ISO/TS 

22220:2008(E) 

Health informatics — Identification of subjects of health care 

11 

ISO 13606-1 

Health informatics — Electronic health record communication — Part 

l:Reference model 

12 

ISO DIS 13119 

Health informatics — Clinical knowledge resources — Metadata 

13 

ISO DIS 22600-1 

Health informatics — Privilege management and access control — Part 1: 
Overview and policy management 

14 

ISO DIS 22600-2 

Health informatics — Privilege management and access control — Part 2: 
Formal models 

15 

ISO DIS 22600-3 

Health informatics — Privilege management and access control — Part 3: 
Implementations 

16 

ISO DTS 14441 

Health informatics — Security and privacy requirements of EHR systems 
for use in conformity assessment 

17 

ISO FDIS 17090- 

1 

Health informatics — Public key infrastructure — Part 1: Overview of 
digital certificate services 

18 

ISO FDIS 21549- 

1 

Health informatics — Patient healthcard data — Part 1: General structure 

19 

ISO DIS 13940 

Health informatics — System of concepts to support continuity of care 


Table 2: Additional ISO Standards 
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Standards that have already been taken into consideration within this standards document: 


S. No. 

Doc No 

Description 

1 

ISO DIS 1828 

Health informatics — Categorial structure for classifications and coding 
systems of surgical procedures 

2 

ISO DIS 11616 

Health informatics — Identification of medicinal products — Data 
elements and structures for unique identification and exchange of 
regulated pharmaceutical product information 

3 

ISO DIS 11615 

Health informatics — Identification of medicinal products — Data 
elements and structures for unique identification and exchange of 
regulated medicinal product information 

4 

ISO DIS 11240 

Health informatics — Identification of medicinal products — Data 
elements and structures for the unique identification and exchange of 
units of measurement 

5 

ISO DIS 11238 

Health informatics — Identification of medicinal products — Data 
elements and structures for the unique identification and exchange of 
regulated information on substances 

6 

ISO FDIS 21090 

Health informatics — Harmonized data types for information interchange 

7 

ISO DIS 27789.2 

Health informatics — Audit trails for electronic health records 

8 

ISO 27932: 2009 

HL7 Clinical Document Architecture, Release 2 

9 

ISO TS 22600: 

2006 

Privilege management and access control (Parts 1-3) 

10 

ISO 27799:2008: 

Health informatics — Information security management in health using 

ISO/I EC 27002 

11 

ISO 17115:2007 

Health Informatics-Vocabulary for terminological systems 

12 

ISO 17115:2007 

Health Informatics-Vocabulary for terminological systems 

13 

ISO 12052:2006 

Health Informatics-Digital Imaging and Communication in medicine 
(DICOM) including work flow and data management 

14 

ISO CD 17583 

Health informatics — Terminology constraints for coded data elements 
expressed in ISO Harmonized Data Types used in healthcare information 
interchange 

15 

ISO/TS 

22220:2008(E) 

Health informatics — Identification of subjects of health care 

16 

ISO DTS 14441 

Health informatics — Security and privacy requirements of EHR systems 
for use in conformity assessment 


Table 3: ISO Standards Already Considered 


Reference Model 1 

openEHR (www.openehr.org) is a virtual community working on interoperability and computability in e- 
health. Its main focus is electronic patient records (EHRs) and systems. 


1 Information as available from openEHR website 
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The openEHR Foundation has published a set of specifications defining a health information reference 
model, a language for building 'clinical models', or archetypes, which are separate from the software, 
and a query language. 

The architecture is designed to make use of external health terminologies, such as SNOMED CT, LOINC 
and ICDx. Components and systems conforming to openEHR are 'open' in terms of data (they obey the 
published openEHR XML Schemas), models (they are driven by archetypes, written in the published ADL 
formalism) and APIs. They share the key openEHR innovation of adaptability, due to the archetypes 
being external to the software, and significant parts of the software being machine-derived from the 
archetypes. 

The essential outcome is systems and tools for computing with health information at a semantic level, 
thus enabling true analytic functions like decision support, and research querying. 

Being an ISO standard, ISVs are strongly encouraged to be guided by the contents in their system design. 

Discharge/Treatment Summary Format 

The format for Medical Records as specified by Medical Council of India under regulation 3.1 of ethics, 
will need to be followed whenever any discharge or treatment summary is prepared. The specified 
format is provided in Chapter 11 of this document for ready reference. ISVs should additionally refer to 
available openEHR archetypes for the same. 

Interfacing with Personal Healthcare and Medical Devices 

Where not covered under relevant data exchange standards, it is recommended that IEEE 11073 health 
informatics standards and related ISO standards for medical devices be followed as appropriate 
whenever any personal healthcare/medical device is interfaced with the EHR System for the purpose of 
clinical data exchange, retrieval, storage, etc. 

VARIOUIS ORGANISATIONS AND THEIR RECOMMENDED HEALTHCARE 
INFORMATICS STANDARDS 


Organization 

Standards 

Ministry of Communications and 
Information Technology, 
Government of India 

> Information Technology Infrastructure for Health (ITIH) 
framework 

> Recommendations on Guidelines, Standards & Practices for 
Telemedicine in India 

National Knowledge Commission 

> Indian health information network development (iHIND) 
recommendations from the National Knowledge 

International Organization for 
Standardization (ISO) 

Requirements for Electronic Health Record Architecture (ISO / TS 
18308) 

European Committee for 

Standardization (CEN) 

CEN/TC 251 EN 13606 

American Society for Testing & 
Materials (ASTM) 

Continuity of Care Record (CCR) 
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Health Level 7 (HL7) 

> HL7 v2.x 

> HL7 v3 

> CDA-2 

> FHIR (Fast Health Interoperable Resources) - the newest 
version; easy upgrade from v2.x to FHIR 

> EHR - System Functional Model 

HL7 & ASTM Collaboration 

Continuity of Care Document (CCD) 

National Electrical 

Manufacturer's Association 

(NEMA) 

Digital Imaging and Communications in Medicine (DICOM PS 3.0 
2004 onwards) 


Table 4: Organisations and their recommended Health Informatics Standards 
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3. GUIDELINES 

Hardware 

• The IT hardware used should meet (and preferably be better than) the optimal requirement 
given by the software (to be) used. 

• The medical and IT hardware used must meet the relevant applicable specifications from BIS, 
NEMA, ISO, CE, RoHS, EnergyStar, apart from Medical and IT standards for the equipment. 

• A backup or data preservation mechanism should be considered. Data capacity should be 
planned to meet the storage requirement as per the mandated rule/law. 

• System redundancy at various levels (disk, power, network, etc.) should be planned to meet the 
organizational system availability requirement. 

• Network and data security should be planned, implemented, and periodically audited. Please 
see section on Security and Privacy for requirements and functions to be supported and 
implemented. 

• Hardware should be checked periodically for correctness and completeness of operation 
expected from them. An appropriate maintenance cycle should be planned and followed. 

• Planned and expected Capacity and Quality requirement of the organization should be met by 
the hardware used. Periodic updates and upgrades should be carried out to meet the 
requirements. 

Networking and Connectivity 

• Should be able to harness any telecommunications-related connectivity like the Internet, LAN, 
WAN, WAP, CDMA, GSM or even Cloud Computing that will permit the various EMRs of an 
individual to be integrated into a single lifelong electronic health record 

• As far as practical and affordable, the connectivity medium chosen should be reliable and fast 
enough to sustain a secure data exchange for the period expected for transaction of records and 
data. The speed of the connectivity medium should be chosen from among available options so 
as to provide an acceptable user experience and not cause software/system fault due to 
delays/noise/failure. 

• Should be able to ensure that data exchange is performed in a secure manner to ensure data 
validity and non-repudiability 

• The data exchange must further ensure that data integrity is maintained at all times 

Software Standards 

The software should 

• Conform to the specified standards 

• Satisfy specified requirements 

• Be Interoperable 

• Should be able to ensure role based access control at all times 

• Should be able to support privacy, secrecy and audit trail 

• Possess advanced search, merge, and demerge functionality to ensure that duplicates are 
robustly resolved 

• Should be able to support conception-to-current health records of a person 

• Should be able to support digital archiving and retrieval of health records after the death of a 
person for the total duration as specified by Government of India from time to time 
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• Should be able to construct a health/clinical summary based on available records from the very 
first visit to current 

• Should be able to support for rapid data capture-storage-retrieval-display of data 

• Should be able to ensure user authentication and authorisation 

Proposed Mobile Health Record 

As patients move around the healthcare system there is a need to carry essential information to ensure 
quality healthcare which will give their treating clinician basic information viz., health condition, 
drug/allergy information etc. CCR standard XML file format, with demographics, insurance info, problem 
list/diagnoses, medications, allergy and alerts, vital signs, and lab results, consultation reports, hospital 
discharge and operative reports and investigative and diagnostic results (e.g. ECG reports, tread mill test 
results, biochemistry results, histopathological findings, ultrasound findings, etc.) kept current and 
accurate by a person's healthcare team (nurses, doctors and pharmacists) which includes the patient. 

Conformance to m-governance guidelines of DEITY is 

imperative(http://www.deity.gov.in/content/framework-mobile-governance). 
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4. DATA OWNERSHIP OF EHR 

The Ethical, Legal, Social Issues (ELSI) guidelines for Electronic Health Record (EHR) are recommended as 
follows. 

For the purposes of these recommendations, the term "privacy" shall mean that only those person or 
person(s) including organisations duly authorized by the patient may view the recorded data or part 
thereof. The term "security" shall mean thatall recorded personally identifiable data will at all times be 
protected from any unauthorized access, particularly during transport (e.g. from healthcare provider to 
provider, healthcare provider to patient). The term "trust" shall mean thatperson, persons or 
organisations (doctors, hospitals, patients) are those who they claim they are. 

The following approaches are to be adopted wherever applicable: 

• Privacy would refer to authorization by the owner of the data (the patient) 

• Security would have as components both public and private key encryption; the encryptions 
used in transit and at rest need to be through a different methodology. 

• Trust would be accepted whenever a trusted third party confirms identify 

Protected health information (PHI) would refer to any individually identifiable information whether oral 
or recorded in any form or medium that (1) is created, or received by a stakeholder; and (2) relates to 
past, present, or future physical or mental health conditions of an individual; the provision of health 
care to the individual; or past, present, or future payment for health care to an individual. 

Electronic protected health information (ePHI) would refer to any protected health information (PHI) 
that is created, stored, transmitted, or received electronically. Electronic protected health information 
includes any medium used to store, transmit, or receive PHI electronically. 

The following and any future technologies used for accessing, transmitting, or receiving PHI 
electronically are covered: 


• Media containing data at rest (data storage) 

o Personal computers with internal hard drives used at work, home, or traveling 
o External portable hard drives, including iPods and similar devices 
o Magnetic tape 

o Removable storage devices, such as USB memory sticks, CDs, DVDs, and floppy disks 
o PDAs and smartphones 

• Data in transit, via wireless, Ethernet, modem, DSL, or cable network connections 
o Email 

o File transfer 

For data ownership, a distinction is to be made between 

a. The physical or electronic records, which are owned by the healthcare provider. These are 
held in trust on behalf of the patient, and 
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b. The contained data which are the sensitive personal data of the patient is owned by the 
patient himself/herself. 

c. The healthcare provider will have the privilege to change/append/modify any record in 
relation to the health care of the patient as necessary with a complete documented trail 
of such change. No alteration of the previously saved data will be permitted.No update or 
update like command shall be utilised by the system to store a record or part thereof. A 
new record will be created with the unaltered parts of the existing record. The 
changed/appended/modified data will replace the relevant parts of that record. This 
record shall then be stored and marked as active while rendering the previous version or 
versions of the same record marked inactive. The data will thus be immutable. A strict 
audit trail shall be maintained of all activities at all times that may be suitably reviewed by 
an appropriate authority like auditor, legal representatives of the patient, the patient, 
healthcare provider, privacy officer, court appointed/authorised person, etc. 

d. The medium of storage or transmission of such electronic health record will be owned by 
the healthcare provider. 

e. The "sensitive personal information (SPI) and personal information (PI)" of the patient is 
owned by the patient themselves. Refer to IT Act 2000 for the definition of SPI and PI. 

f. Sensitive Data: As per the Information Technology Act 2000, Data Privacy Rules, refer to 
'sensitive personal data or information' (Sensitive Data) as the subject of protection, but 
also refer, with respect to certain obligations, to 'personal information'. Sensitive Data is 
defined as a subset of 'personal information'. Sensitive Data is defined as personal 
information that relates to: 

i. Passwords; 

ii. Financial information such as bank account or credit card or debit card 
or other payment instrument details; 

iii. Physical, psychological and mental health condition; 

iv. Sexual orientation; 

v. Medical/clinical records and history; 

vi. Biometric information; 

vii. Any detail relating to (1) - (6) above received by the body corporate 
for provision of services; or 

viii. Any information relating to (1) - (7) that is received, stored or 
processed by the body corporate under a lawful contract or otherwise 

Data access and confidentiality would refer to: 

a. Regulations are to be enforced to ensure confidentiality of the recorded patient/health 
data and the patient should have a control over this. 

b. Patients will have the sufficient privileges to inspect and view their health records without 
any time limit. Patient's privileges to amend data shall be limited to correction of errors in 
the recorded patient/health details. This shall need to be performed through a recorded 
request made to the healthcare provider within a period of 30 days from the date of 
discharge in all inpatient care settings or 30 days from the date of clinical encounter in 
outpatient care settings. An audit of all such changes shall be strictly maintained. Both the 
request and audit trail records shall be maintained within the system. Patients will have 
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the privileges to restrict access to and disclosure of individually identifiable health 
information. 

c. All recorded data will be available to care providers on an 'as required on demand' basis 

d. Minimum data standards 

Disclosure of information would be applicable as follows: 

a. For use for treatment, payments and other healthcare operations: In all such cases, a 
general consent must be taken from the patient or next of kin, etc. as defined by 
applicable laws by MCI 2 . 

b. Fair use for non-routine and most non-health care purposes: a specific consent must be 
taken from the patient; format as defined by MCI. 

c. Certain national priority activities, including notifiable/communicable diseases, will be 
specified for which health information may be disclosed to appropriate authority as 
mandated by law without the patient's prior authorization 

Responsibilities of any healthcare provider would include: 

a. Protect and secure the stored health information, as per the guidelines specified in this 
document (chapter on Data privacy and security). 

b. While providing patient information, remove patient identifying information (as provided 
in Table 1), if it is not necessary to be provided 

c. Will ensure that there are appropriate means of informing the patient of policies relating 
to his/her rights to health record privacy 

d. Document all its privacy policies and ensure that they are implemented and followed. This 
will include: 

i. Develop internal privacy policies 

ii. Designate a privacy officer (preferably external, may be internal) who will be 
responsible for implementing privacy policies, audit and quality assurance 

iii. Provide privacy training to all its staff 

Patient will have the privilege to appoint a personal representative to carry out the activities detailed 
below. 

a. Patients will have the privilege to ask for a copy of their health records held by a 
healthcare organization. 

b. Patients will have the privilege to request a healthcare organization that holds their 
health records, to withhold specific information that he/she does not want disclosed to 
other organizations or individuals. 

c. Patient can demand information from a healthcare provider on the details of disclosures 
performed on the patients health records. 

Instances where denial of information will apply are as follows: 

Healthcare provider will be able to deny information to a patient or representative or third 
party, in contravention of normal regulations, if in the opinion of a licensed healthcare 


2 http://www. mciindia.org/rules-and-regulation/Code%20of%20Medical%20Ethics%20Regulations.pdf 
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professional the release of information would endanger the life or safety of the patients and 
others. This will include but not be limited to as follows: 

d. Information obtained from an anonymous source under a promise of confidentiality. 

e. Psychotherapy notes. 

f. Information compiled for civil, criminal or administrative action. 

Instances where use and disclosure without individual authorization will be possible are as follows: 

Disclosures can be performed without individual authorization in the following situations. 

• With Identifiers, on production of court order 

• However, as far as possible, and where appropriate, the data so provided should be 
anonymised to remove information that will allow identification of the patient. 
(Removing identifiers as indicated in the Patient Identifying Information Table below) 

Digital signatures are to be used to prevent non-repudiation (establishing authenticity of author of 
the document) and trust by the recipient. 

Follow e-Pramaan National e-Authentication service offered by DeitY, Govt. Of India 
http://epramaan.gov.in/ 

Reference Framework for e-authentication - ePramaan 

http://egovstandards.gov.in/policy/framework-document-for-e-authentication-epramaan 
Reference Guidelines for Digital Signatures, available at 

http://egovstandards.gov.in/guidelines/Guidelines%20for%20Digital-signature/view 

Additional Reference Guidelines for Information Security, available at 
http://egovstandards.gov.in/guidelines/guidelines-for-information-security/view 

Electronic Health Records Preservation 

Preservation of health records assume significant importance in view of the fact that an electronic 
health record of a person is an aggregation of all electronic medical records of the person from the very 
first entry till date. Hence, all records must compulsorily be preserved and not destroyed during the life¬ 
time of the person, ever. 

The digital records must be preserved till such time according to the prevalent law of the land. 

It is however preferred and ISVs are strongly encouraged to ensure that the records are never be 
destroyed or removed permanently. The health of the blood relatives and natural descendants of the 
person can be strongly influenced by the health of the person and on-demand access to these may 
prove to be hugely useful in the maintenance of the health of the the relations. 

Furthermore, analysis of health data of all persons is expected to greatly benefit in the understanding of 
health, disease processes and the amelioration therof. 

With rapid decline in costs of data archiving coupled with the ability to store more and more data that 
may be readily accessible, continued maintenance of such data is not expected to lead to any big impact 
on the overall system maintenance and use. 
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Patient Identifying Information 

Data are "individually identifiable" if they include any of the under mentioned identifiers for an 
individual or for the individual's employer or family member, or if the provider or researcher is aware 
that the information could be used, either alone or in combination with other information, to identify an 
individual. These identifiers are as follows: 

1. Name 

2. Address (all geographic subdivisions smaller than street address,, and PIN code) 

3. All elements (except years) of dates related to an individual (including birth date, date of death, 

4. Telephone and/or Fax numbers 

5. Email address 

6. Medical record number 

7. Health plan beneficiary number 

8. Bank Account and/or Credit Card Number 

9. Certificate/license number 

10. Any vehicle or other any other device identifier or serial numbers 

11. PAN number 

12. Passport number 

13. ADHAAR number 

14. Voter ID card 

15. Fingerprints/Biometrics 

16. Voice recordings that are non-clinical in nature 

17. Photographic images and that possibly can individually identify the person 

18. Any other unique identifying number, characteristic, or code 

Table 5: Patient Identifying Information 

Applicable legislation details: The existing Indian laws, including but not limited to IT Act 2000 and 
as amended from time to time will prevail at all times (http://deity.gov.in/content/information- 
technology-act-2000) 
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5. DATA PRIVACY & SECURITY 
Security of Electronic Health Information: 

The Privacy Standards and the Security Standards are necessarily linked. Any health record system 
requires safeguards to ensure the data is available when needed and that information is not used, 
disclosed, accessed, altered, or deleted inappropriately while being stored or transmitted. The Security 
Standards work together with the Privacy Standards to establish appropriate controls and protections. 
Health sector entities that are required to comply with the Privacy Standards also must comply with the 
Security Standards. 

Organizations must consider several factors when adopting security measures. How a healthcare 
provider satisfies the security requirements and which technology it decides to use are business 
decisions left to the individual organization. In deciding what security measures to adopt, an 
organization must consider its size, complexity, and capabilities; it's technical infrastructure, hardware, 
and software security capabilities; the cost of particular security measures; and the probability and 
degree of the potential risks to the e-PHI it stores and transmits. 

Standards 

Purpose of the Security Standards 

The Security Standards require healthcare providers to implement reasonable and appropriate 

administrative, physical, and technical safeguards to 

• Ensure the confidentiality, integrity, and availability of all the e-PHI they create, transmit, 
receive, or maintain 

• Protect against reasonably anticipated threats or hazards to the security or integrity of their e- 

PHI 

• Protect against uses or disclosures of the e-PHI that are not required or permitted under the 
Privacy Standards 

• Ensure their workforce will comply with their security policies and procedures 

Technical Standards 

To protect the e-PHI handles by a healthcare provider, the provider must implement technical 
safeguards as part of its security plan. Technical safeguards refer to using technology to protect e-PHI 
by controlling access to it. Therefore, they must address the following standards focusing on the 
following. It is worth noting that they will need to use an EHR solution that is able to successfully and 
robustly demonstrate the possession and working of these functionalities. 

Access control: The solution must assign a unique name and/or number for identifying and tracking user 
identity and establish controls that permit only authorized users to access electronic health information. 
In cases of emergency where access controls need to be suspended in order to save a live, authorized 
users (who are authorized for emergency situations) will be permitted to have unfettered access 
electronic health information for the duration of the emergency with the access remaining in force 
during the validity of the emergency situation. 
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Access Privileges: Ideally only clinical care providers should have access rights to a person's clinical 
records. However, different institutional care providers have widely varying access privileges specified 
that are institution-specific. No country-wide standards can be specified for this at least at this point in 
time. 

Automatic log-off: An electronic session after a predetermined time of inactivity must be forcibly 
terminated. To log in back, the user will have to initiate a new log in session. However, for the sake of 
ergonomics, it is recommended that the unsaved state of the system at the time of automatic log-off be 
saved and presented back to the user for further action. This should be a user-specific feature. 

Audit log: 

• All actions related to electronic health information in accordance with the standard specified in 
this document including viewing should be recorded. 

• Based on user-defined events must be provided. 

• All or a specified set of recorded information upon request or at a set period of time must be 
electronically displayed and printed. 

Integrity: 

• During data transit the fact that the electronic health information has not been altered in transit 
in accordance with the standard specified in this document must be verifiable. 

• Detection of events - all alterations and deletions of electronic health information and audit logs, 
in accordance with the standard specified in this document must be detected. 

Authentication: 

• Locally within the system the fact that a person or entity seeking access to electronic health 
information is the one claimed and is authorized to access such information must be verifiable. 

• Across the network, however extensive it might be -that a person or entity seeking access to 
electronic health information across a network is the one claimed and is authorized to access such 
information in accordance with the standard specified in this document must be verifiable. 

Encryption: 

• Generally, all electronic health information must be encrypted and decrypted as necessary 
according to user defined preferences in accordance with the best available encryption key 
strength. 

• During data exchange all electronic health information must be suitably encrypted and decrypted 
when exchanged in accordance with an encrypted and integrity protected link. 

• All actions related to electronic health information must be recorded with the date, time, patient 
identification, and user identification whenever any electronic health information is created, 
modified, deleted, or printed; and an indication of which action(s) took place must also be 
recorded. 

• Appropriate verification that electronic health information has not been altered in transit shall be 
possible at any point in time. A secure hashing algorithm must be used to verify that electronic 
health information has not been altered in transit and it is recommended that the secure hash 
algorithm (SHA) used must be SHA-1 or higher. 

• A cross-enterprise secure transaction that contains sufficient identity information such that the 
receiver can make access control decisions and produce detailed and accurate security audit trails 
must be used within the system. 
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Administrative Safeguards Standards 

The Administrative Safeguards require healthcare providers to develop and implement a security 
management process that includes policies and procedures that address the full range of their security 
vulnerabilities. Being administrative in nature, these need to be internally designed and developed as 
SOP that must be published for all users to see and adhere to. Conformance to adherence may be 
delegated to the Privacy Officer detailed in the Data Ownership chapter above. To comply with the 
Administrative Safeguards, a healthcare provider must implement the following standards. 

• The security management process standard, to prevent security violations; 

• Assigned security responsibility, to identify a security officer; 

• Workforce security, to determine e-PHI user access privileges; 

• Information access management, to authorize access to e-PHI; 

• Security awareness training, to train staff members in security awareness; 

• Security incident procedures, to handle security incidents; 

• Contingency plan, to protect e-PHI during an unexpected event; and 

• Evaluation, to evaluate an organization's security safeguards. 

Physical Safeguards Standards 

Physical safeguards are security measures to protect a healthcare provider's electronic information 
systems, related equipment, and the buildings housing the systems from natural and environmental 
hazards, and unauthorized intrusion. Covered entities must fulfill the following four standards. However, 
since most of the implementation specifications in this category are addressable, healthcare providers 
will have considerable flexibility in how to comply with the requirements as long as these are internally 
designed and developed as SOP and published for all users to see and adhere to. Conformance to 
adherence may be delegated to the Privacy Officer detailed in the Data Ownership chapter above. 

The required physical standards are: 

• The facility access control standard, to limit actual physical access to electronic information 
systems and the facilities where they're located; 

• The workstation use standard, to control the physical attributes of a specific workstation or group 
of workstations, to maximize security; 

• The workstation security standard, to implement physical safeguards to deter the unauthorized 
access of a workstation; and 

• The device and media controls standard, to control the movement of any electronic media 
containing e-PHI from or within the facility. 
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7. ANNEXURE: EHR MINIMUM DATA SET (MDS) 

The following MDS is a reference data model. In order to kick-start EHR system implementation, a reference data model is provided below. 
However, ISVs must follow the data model/structure as provided in the applicable standard for the purpose. 

Vendors are free and indeed encouraged to opt for additional data to satisfy additional and the unmet needs of the various stakeholders, 
principally the patients and the clinical care providers. 


Data Item 

Data Type 

Data Length 

Format/Values 

Status 

Additional Observations 

UHID 

Numeric 

12 

As per Aadhar 
Specifications 

Mandatory if no other 
concomitant ID is used in 
the system, else optional 

Only the public key will be used and 
that too only for identification, aid in 
patient search, patient merge and 
demerge functionalities. Wherever 
Adhaar Number is unavailable ISVs 

will need to use the state and 
district from the patient's address, 
the patient's name, gender, age, 
father's name and mother's name 
to uniquely identify the patient 

Alternate UHID 

Any 

Any 

As per 

institution/vendor' 
s specifications 

Mandatory if no other 
concomitant ID is used in 
the system, else optional 

Any other/additional ID may be used 
including but not limited to those 
issued central/state/local 
government or the care provider as 
long as they are unique in nature 
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Patient Name 

As specified 

As specified 

To be split into First 
Name, Middle 

Name and Last 
(Family) Name 

Mandatory 

MDDS 

(http://egovstandards.gov.in/standa 
rdsandFramework/metadata-and- 
data-standards/MDDS- 
Demographic%20Ver%201.1.pdf/at_ 
download/file) may be referred to 
for patient demographics data; only 
the person identification part of the 
meta data and data standards are 
applicable 

Patient Date of 

Birth 

Date 

As specified 


Mandatory in Inpatients 
settings, Optional in others 

As specified in ISO date format 

Patient Age 

Numeric 

Fixed 

999,99,999 no 
preceding zero 
[years, months, 
days] 

Mandatory 

Age is to be automatically calculated 
if date of birth is entered/available; 
once the patient's age is available, all 
client systems must automatically 
"age" the patient. For this, unless 
the patient's date of birth is 
available, the age will be 
approximated with the assumption 
that the patient was born on the 1st 
day of that month of that year that 
the entered age appears to point to. 
The record display will need to 
clearly show that this age is an 
approximated one and that the 
patient may actually be older by 1 
month maximally 
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Patient Gender 

Alphanumeric 

1 

To be shortened to 
one byte as M, F, 1 
or N for Male, 
Female, 

Indeterminate, Not 
Stated/lnadequatel 
y Described. 

Systems should 
translate and show 

the full form on 

user screens 

Mandatory 

The values are as specified in ISO/TS 
22220:2008(E), Health informatics — 
Identification of subjects of health 
care (NB: this is a technical 
specification and not a standard per 
se) 

Patient 

Occupation 

As specified 

As specified 


Mandatory 

It is recommended that MDDS be 
followed; details are given above 

Patient Address 
Type 

Alphanumeric 

9 

Current/Permanent 

/Previous 

Mandatory 


Patient Address 

Line 1 

As specified 

As specified 


Mandatory 

It is recommended that MDDS be 
followed; details are given above 

Patient Address 

Line 2 

As specified 

As specified 


Optional 

It is recommended that MDDS be 
followed; details are given above 

Patient 

City/Town/Villag 
e/Police Station 

As specified 

As specified 


Mandatory 

It is recommended that MDDS be 
followed; details are given above 

Patient District 

As specified 

As specified 


Mandatory 

It is recommended that MDDS be 
followed; details are given above 

Patient State 

As specified 

As specified 


Mandatory 

It is recommended that MDDS be 
followed; details are given above; 
Alternatively, ISO 3166-2:IN may also 
be used for Indian States 

Patient Pin Code 

As specified 

As specified 


Optional 

It is recommended that MDDS be 
followed; details are given above 
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Patient Country 
Code 

As specified 

As specified 

As per ISO Country 
Codes 

Mandatory 

ISO 3166-1 alpha-2 or ISO 3166-1 
alpha-3 

Patient Phone 
Type 

Alphanumeric 

20 

Landline/Mobile/P 

P- 

Landline/Neighbou 

r Landline/Relation 

Landline 

/Neighbour 

Mobile/Relation 

Mobile 

Optional 


Patient Phone 

Number 

Alphanumeric 

16 

(099)9999999999 

Optional 


Patient Email ID 

Alphanumeric 

255 

Must contain 

and at 

appropriate 

positions 

Optional 


Emergency 

Contact Person 

Name 

As specified 

As specified 


Optional 

It is recommended that MDDS be 
followed; details are given above 

Emergency 

Contact Person 
Relationship 

Alphanumeric 

9 

Spouse/Parent/Chil 

d/Partner/Cousin/F 

riend/Neighbour/O 

ther 

Mandatory, if used, else 
Optional 


Emergency 

Contact Person 
Address Type 

Alphanumeric 

9 

Current/Permanent 

/Previous 

Mandatory, if used, else 
Optional 
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Emergency 

Contact Person 

Address Line 1 

As specified 

As specified 


Mandatory, if used, else 
Optional 

It is recommended that MDDS be 
followed; details are given above 

Emergency 

Contact Person 

Address Line 1 

As specified 

As specified 


Mandatory, if used, else 
Optional 

It is recommended that MDDS be 
followed; details are given above 

Emergency 

Contact Person 

Address Line 2 

As specified 

As specified 


Optional 

It is recommended that MDDS be 
followed; details are given above 

Emergency 

Contact Person 
City/Town/Villag 
e/ Police Station 

As specified 

As specified 


Mandatory, if used, else 
Optional 

It is recommended that MDDS be 
followed; details are given above 

Emergency 

Contact Person 

District 

As specified 

As specified 


Mandatory, if used 

It is recommended that MDDS be 
followed; details are given above 

Emergency 

Contact Person 

State 

As specified 

As specified 


Mandatory, if used 

It is recommended that MDDS be 
followed; details are given above; 
Alternatively, ISO 3166-2:IN may also 
be used for Indian States 

Emergency 

Contact Person 

Pin Code 

As specified 

As specified 


Optional, if used 

It is recommended that MDDS be 
followed; details are given above 

Emergency 

Contact Person 
Country Code 

As specified 

As specified 

As per ISO Country 
Codes 

Optional, if used 

ISO 3166-1 alpha-2 or ISO 3166-1 
alpha-3 
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Emergency 

Contact Person 
Phone Type 

Alphanumeric 

20 

Landline/Mobile/P 

P-Landline/ 

Neighbour 

Landline/Relation 

Landline 

/Neighbour 

Mobile/Relation 

Mobile 

Optional 


Emergency 

Contact Person 

Phone Number 

Alphanumeric 

16 

(099)9999999999 

Optional 


Emergency 

Person Email ID 

Alphanumeric 

255 

Must contain 

and at 

appropriate 

positions 

Optional 


Care Provider 

Name 

As specified 

As specified 


Optional 

It is recommended that MDDS be 
followed; details are given above 

Care Provider 

Type 

Alphanumeric 

18 

Primary 

Physician/Consulta 

nt/Specialist/Denta 

1 

Surgeon/Orthodon 

tist/Nurse/Physioth 

erapist/ 

Optional 


Care Provider 
Address Type 

Alphanumeric 

9 

Current/Permanent 

/Previous 

Mandatory, if used, else 
Optional 


Care Provider 

Address Line 1 

As specified 

As specified 


Mandatory, if used, else 
Optional 

It is recommended that MDDS be 
followed; details are given above 

Care Provider 

Address Line 2 

As specified 

As specified 


Optional 

It is recommended that MDDS be 
followed; details are given above 
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Care Provider 
City/Town/Villag 
e/ Police Station 

As specified 

As specified 


Mandatory, if used, else 
Optional 

It is recommended that MDDS be 
followed; details are given above 

Care Provider 

District 

As specified 

As specified 


Mandatory, if used 

It is recommended that MDDS be 
followed; details are given above 

Care Provider 

State 

As specified 

As specified 


Mandatory, if used 

It is recommended that MDDS be 
followed; details are given above; 
Alternatively, ISO 3166-2:IN may also 
be used for Indian States 

Care Provider Pin 

Code 

As specified 

As specified 


Optional, if used 

It is recommended that MDDS be 
followed; details are given above 

Care Provider 
Country Code 

As specified 

As specified 

As per ISO Country 
Codes 

Optional, if used 

ISO 3166-1 alpha-2 or ISO 3166-1 
alpha-3 

Care Provider 
Phone Type 

Alphanumeric 

20 

Landline/Mobile/P 

P-Landline/ 

Neighbour 

Landline/Relation 

Landline 

/Neighbour 

Mobile/Relation 

Mobile 

Optional 


Care Provider 

Phone Number 

Alphanumeric 

16 

(099)9999999999 

Optional 


Care Provider 

Email ID 

Alphanumeric 

255 

Must contain 

and at 

appropriate 

positions 

Optional 


Insurance Status 

Alphanumeric 

9 

Insured/Uninsured 

Optional 
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Insurance ID 

Alphanumeric 

25 

As appropriate 

Mandatory if Insurance 

Type is Entered, else 

Optional 


Organ Donor 
Status 

Alphanumeric 

1 

Y- Yes or N - No 

Optional 


Episode Type 

Alphanumeric 

8 

New/Ongoing, 

alternatively 

New/Active/lnactiv 

e 

Optional 


Episode Number 

Numeric 

6 

999999 format - 
no prefixed 0 

Mandatory if Episode Type 
is Entered, else Optional 

For definition of episode, please 
refer to the definitions chapter 
above; this is patient specific and not 
site or care provider specific 

Encounter Type 

Alphanumeric 

14 

Outpatient/lnpatie 

nt/Emergency/Inve 

stigations 

Mandatory 

For definition of encounter, please 
refer to the definitions chapter 
above 

Encounter 

Number 

Numeric 

6 

999999 format - 
no prefixed 0 

Mandatory 

It must be ensured that the no 
encounter number is arbitrarily 
assigned. The system will need to 
ensure this. When linking records 
from diverse systems, episode and 
encounter reconciliation through 
appropriate merging and demerging 
will need to take place. However, 
this is a design and development 
issue, and out of scope for the work 
of MDS proposal 
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Encounter Date 

& Time 

Datetime 

Fixed 

Complete date plus 
hours, minutes and 
seconds/Complete 
date plus hours, 
minutes, seconds 
and a decimal 

fraction of a 

second 

Mandatory; should be 
auto-inserted by the 
system from system time 
that is synchronised with 
Indian Standard Time 

As per ISO date time format 

Reason for Visit 

Alphanumeric 

4096 3 


Mandatory 

More than one reason for visit may 
be entered 

Present History 

Alphanumeric 

4096 


Optional 


Past History 

Alphanumeric 

4096 


Optional 


Personal History 

Alphanumeric 

4096 


Optional 


Family History 

Alphanumeric 

4096 


Optional 



’Both structured and unstructured data can be used wherever the data type is alphanumeric and data length is 4096 and if necessary, it can be made longer. 
This is true for all fields in the Minimum Data Set wherever the field size of 4096 occurs. 
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Menstrual & 
Obstetric History 

Alphanumeric 

4096 

LMP, Cycle 

Duration, Gravida, 
Parity to be 
captured as 
structured data 

where LMP: date 
type; Cycle 

Duration, Gravida, 
Parity: numeric 
type; 

Optional 

Menstrual & Obstetric History to be 
available only if the chosen gender is 
female 

Socio-economic 

Status 

As specified 

As specified 


Optional 

It is recommended that MDDS be 
followed; details are given above 

Immunization 

History 

Alphanumeric 

4096 


Optional 

It is preferable that the details are 
captured in as granular a manner as 
is practical; multiple entries should 
be possible, with a list of values for 
each vaccine type and dates 
administered with current status 
(administered/not-administered) 

Allergy Status 

Alphanumeric 

8 

Active/Inactive 

Optional 


Allergy History 

Alphanumeric 

4096 


Optional/Mandatory if 
Allergy Status is entered 

Allergies will be a list of values (drug 
generics, etc.) that would, in future, 
allow allergy alerts to be activated 

Allergy Severity 

Alphanumeric 

8 

Mild/Moderate/Se 

vere 

Optional/Mandatory if 
Allergy Status is entered 
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Clinical Exam 

Vitals Systolic BP 

Numeric 

3 

999 - no preceding 

0 

Optional 

Unit of measurement is mmHg 

Clinical Exam 

Vitals Diastolic 

BP 

Numeric 

3 

999 - no preceding 

0 

Optional 

Unit of measurement is mmHg 

Clinical Exam 

Pulse Rate 

Numeric 

3 

999 - no preceding 

0 

Optional 

Unit of measurement is per minute 

Clinical Exam 
Temperature (°C) 

Floating 

2 digits, 2 
decimals 

99.99 

Optional 

Unit of measurement is degrees 
Centigrade; if degrees Fahrenheit is 
to be used, then this may be 
converted at run time for display or 
data manipulation purposes by the 
system 

Clinical Exam 
Temperature 
Source 

Alphanumeric 

6 

Oral/Armpit/Groin/ 

Rectal 

Mandatory, if Temperature 
is captured 


Clinical Exam 
Respiration Rate 

Numeric 

3 

999 - no preceding 

0 

Optional 

Unit of measurement is per minute 

Clinical Exam 
Height (cms) 

Floating 

3 digits, 2 
decimals 

999.99 

Optional 

Unit of measurement is centimetres; 
if any other unit of measurement, 
like feet, is to be used, then this may 
be converted at run time for display 
or data manipulation purposes by 
the system 

Clinical Exam 
Weight (kgs) 

Floating 

3 digits, 2 
decimals 

999.99 

Optional 

Unit of measurement is kilograms; if 
any other unit of measurement, like 
pounds, is to be used, then this may 
be converted at run time for display 
or data manipulation purposes by 
the system 
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Blood Group 

Alphanumeric 

3 

A+/A-/B+/B- 

/AB+/AB-/0+/0- 

Optional 


Clinical Exam 

Observation 

Alphanumeric 

4096 


Mandatory 

It is recommended that SNOMED-CT 

be used for all clinical 
terms/observations 

Investigation 

Results 

Alphanumeric 

4096 


Mandatory in Inpatients 
settings, Optional in others 

It is recommended that LOINC be 
used for all laboratory observations 

Clinical Summary 

Alphanumeric 

4096 


Mandatory 

It is recommended that SNOMED-CT 

be used for all clinical 
terms/observations 

Diagnosis Type 

Alphanumeric 

11 

Provisional/Final/A 

dmission/lnterim/ 

Working/Discharge 

Mandatory 


Diagnosis Code 
Name 

As specified 

As specified 

ICD/SNOMED 

CT/Free 

Mandatory 

This denotes the name of the 
diagnosis coding system - SNOMED- 
CT/ICD, etc. It is recommended that 
SNOMED-CT be used. Till such time 
SNOMED-CT license is procured, it is 
recommended that ICD be used 

Diagnosis Code 

As specified 

As specified 

Coding system 
dependent 

Mandatory 

Diagnosis Code should allow multiple 
entries per encounter record 

Diagnosis 

(Description) 

Alphanumeric 

4096 


Mandatory 


Treatment Plan 
Investigations 

Alphanumeric 

4096 


Mandatory in Inpatients 
settings, Optional in others 

The user may or may not enter any 
value 
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Treatment Plan 

Medication 

Alphanumeric 

4096 


Mandatory 

It is preferable that the details are 
captured in as granular a manner as 
is practical; for the allopathic system 
of medicine, it is suggested that 
something similar to the contents of 
the table below be followed - this 
requirement is not mandatory 

Treatment Plan 

Procedure 

Alphanumeric 

4096 


Mandatory in Inpatients 
settings, Optional in others 

Should be "None" if no procedure is 
advised/dispensed 

Treatment Plan 

Referral 

Alphanumeric 

4096 


Optional 

For use in referral cases only 

Other Treatment 
Plan Type 

Alphanumeric 

10 

Diet/Life-style/ 

Others 

Optional 


Other Treatment 

Plan Details 

Alphanumeric 

4096 


Mandatory if Other 
Treatment Type is selected 


Current Clinical 

Status 

Alphanumeric 

255 

[Free text] 

Mandatory 

Captures the current clinical status; 
synonymous with clinical outcome or 
condition at discharge; it is 
preferable that terms such as "Fair", 
"Relieved", "Better", "Same", 

"Worse", "Fatal", etc. be used 
instead of long narratives 

Care Provider 
Digital Signature 

As appropriate 

As 

appropriate 

As appropriate 

Mandatory only for records 
related to MLC; optional 
for others 4 

Please refer to the Digital Signatures 
section in Chapter 7 - Data 

Ownership 


4 Audit trail requirements would ensure that every record is associated with a unique date-time stamp of the entry and the user who makes it - known through 
RBAC (login with unique ID and password) - thereby ensuring that every entry is de facto digitally signed. 
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• All fields from UHID to Organ Donor Status constitutes the demographics information, the rest clinical information. Thus, the former will 
represent the header and the latter the body. 

• It is strongly recommended that the contents of the header section may only be entered once during registration and updated periodically 
as necessary. 

• Date of birth, once entered, cannot be changed ever and is thus immutable. 

• The contents of the body must be entered anew on every clinical encounter. 

• Appropriate search functionality should be provided to ensure that any patient is uniquely identifiable even in the absence of a unique 
identifier (eg, the patient is unable to recall it, has misplaced his/her old records, etc.) 


MEDICATION DETAILS (for allopathic system of medicine only): 


Data Item 

Data Type 

Data Length 

Format/Values 

Status 

Additional Observations 

Medication 

Name 

As specified 

As specified 

As per the drug 
database 

Optional; if entered, then 
some fields are mandatory 
as specified below 

Should preferably be generic 

Drug Code 

As specified 

As specified 

As per the drug 
database 

Mandatory, if entered 

Auto populated by the system 

Drug Identifier 

As specified 

As specified 


Optional 

GS1 bar/QR code 

Strength 

As specified 

As specified 

As per the drug 
database 

Mandatory, if entered 

Should be presented as a LOV 

Dose 

As specified 

As specified 


Mandatory, if entered 

To be entered by the care provider 

Route 

As specified 

As specified 


Mandatory, if entered 

To be entered by the care provider 

Frequency 

As specified 

As specified 


Mandatory, if entered 

To be entered by the care provider 

Duration 

As specified 

As specified 


Mandatory, if entered 

To be entered by the care provider; 
this represents the length of time 
the medication is to be taken 


Table 6: EHR MDS 
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N.B. Due to requirements associated with medical tourism, it is recommended that ISVs keep this in mind while designing the address fields, 
leaving enough flexibility to enter a foreign district, state and country. 

MDS and CEN / TC 251 EN 13606 (EHRCom): The EHRCom standard is recommened for data model specification. The Minimum Data Set is to be 
used as reference while designing the Archetypes to ensure archetype level interoperability between different EHR systems. 
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10. ACRONYMS, DEFINITIONS & GLOSSARY 


[A] 

ADSL (Asymmetric Digital Subscriber Line): A type of DSL that uses copper telephone lines to transmit 
data faster than a traditional modem. ADSL only works within short distances because it uses high 
frequencies with short signals. 

Allergy List: This is a list of all the patient's allergies. 

Allopathic, Allopathy: Defined as relating to or being a system of medicine that aims to combat disease 
by using remedies (as drugs or surgery) which produce effects that are different from or incompatible 
with those of the disease being treated 

Ambulatory care: Any medical care delivered on an outpatient basis. 

ANM: Auxiliary Nurse Midwife 

ASHA: Accredited Social Health Activist is usually a literate 25 - 45 yr old married/ widowed/ divorced 
lady selected from the village itself and accountable to it and trained to work as an interface between 
the community and the public health system. This is position is one of the key components of the 
National Rural Health Mission aimed at providing every village in the country with a trained female 
community health activist 

ATC: Anatomical Therapeutic Chemical Classification System,controlled by the WHO Collaborating 
Centre for Drug Statistics Methodology (WHOCC), is used for drug classification. 

Authentication: The verification of the identity of a person or process. 

Authorization: Any document designating any permission. Authorization or waiver of authorization for 
the use or disclosure of identifiable health information for research (among other activities) is required. 
The authorization must indicate if the health information used or disclosed is existing information 
and/or new information that will be created. The authorization form may be combined with the 
informed consent form, so that a patient need sign only one form. An authorization must include the 
following specific elements: a description of what information will be used and disclosed and for what 
purposes; a description of any information that will not be disclosed, if applicable; a list of who will 
disclose the information and to whom it will be disclosed; an expiration date for the disclosure; a 
statement that the authorization can be revoked; a statement that disclosed information may be re¬ 
disclosed and no longer protected; a statement that if the individual does not provide an authorization, 
she/he may not be able to receive the intended treatment; the subject's signature and date. 

AYUSH: Ayurveda, Yoga, Unani, Siddha and Homeopathy. Falls under the broad category of Indian 
Systems of Medicines and Homoeopathy (ISM&H) governed by Ministry of Health and Family Welfare, 
Government of India 


[C] 



File No. Q-11011/2/2016-eGov (Computer No. 3062309 ) 
Receipt No : 289301/2016/MOHFW 


CCD (Continuity of Care Document): A joint effort of HL7 International and ASTM. CCD fosters 
interoperability of clinical data by allowing physicians to send electronic medical information to other 
providers without loss of meaning and enabling improvement of patient care. CCD is an implementation 
guide for sharing Continuity of Care Record (CCR) patient summary data using the HL7 Version 3 Clinical 
Document Architecture (CDA), Release 2. It establishes a rich set of templates representing the typical 
sections of a summary record, and these same templates for vital signs, family history, plan of care, and 
so on can then be used for establishing interoperability across a wide range of clinical use cases. 

CDT: Common Dental Terminology 

Chain of Trust Agreement: A contract needed to extend the responsibility to protect health care data 
across a series of sub-contractual relationships. 

Chief Complaint (CC), Reason for Consultation (RFC), Reason for Visit (ROV): for recording a patient's 
disease symptoms. 

Client/Serverarchitecture: An information-transmission arrangement, in which a client program sends a 
request to a server. When the server receives the request, it disconnects from the client and processes 
the request. When the request is processed, the server reconnects to the client program and the 
information is transferred to the client. This usually implies that the server is located on site as opposed 
to the ASP (Application Server Provider) architecture. 

Clinical Care Provider: Personnel or entities directly related to providing clinical care to patient. 

Clinical Data Repository (CDR): A real-time database that consolidates data from a variety of clinical 
sources to present a unified view of a single patient. It is optimized to allow clinicians to retrieve data for 
a single patient rather than to identify a population of patients with common characteristics or to 
facilitate the management of a specific clinical department. 

Clinical Decision Support System (CDSS): A clinical decision support system (CDSS) is software designed 
to aid clinicians in decision making by matching individual patient characteristics to computerized 
knowledge bases for the purpose of generating patient-specific assessments or recommendations. 

Clinical Establishment:Clinical establishment means (1) a hospital, maternity home, nursing home, 
dispensary, clinic, sanatorium or an institution by whatever name called that offers services, facilities 
requiring diagnosis, treatment or care for illness, injury, deformity, abnormality or pregnancy in any 
recognised system of medicine established and administered or maintained by any person or body of 
persons, whether incorporated or not; or (2) a place established as an independent entity or part of an 
establishment referred to above, in connection with the diagnosis or treatment of diseases where 
pathological, bacteriological, genetic, radiological, chemical, biological investigations or other diagnostic 
or investigative services with the aid of laboratory or other medical equipment, are usually carried on, 
established and administered or maintained by any person or body of persons, whether incorporated or 
not. (Clinical Establishment Act - CEA 2010) 

Clinical Guidelines (Protocols): Clinical guidelines are recommendations based on the latest available 
evidence for the appropriate treatment and care of a patient's condition. 

Clinical Messaging: Communication of clinical information within the electronic medical record to other 
healthcare personnel. 
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Coded Data: Data are separated from personal identifiers through use of a code. As long as a link exists, 
data are considered indirectly identifiable and not anonymous or anonymized. 

Code Set: Any set of codes used to encode data elements, such as tables of terms, medical concepts, 
medical diagnostic codes, or medical procedure codes. This includes both the codes and their 
descriptions. 

Coding: A mechanism for identifying and defining physicians' and hospitals' services. Coding provides 
universal definition and recognition of diagnoses, procedures and level of care. Coders usually work in 
medical records departments and coding is a function of billing. Medicare fraud investigators look 
closely at the medical record documentation, which supports codes and looks for consistency. Lack of 
consistency of documentation can earmark a record as "up-coded" which is considered fraud. A national 
certification exists for coding professionals and many compliance programs are raising standards of 
quality for their coding procedures. 

Computer-Based Patient Record (CPR): A term for the process of replacing the traditional paper-based 
chart through automated electronic means; generally includes the collection of patient-specific 
information from various supplemental treatment systems, i.e., a day program and a personal care 
provider; its display in graphical format; and its storage for individual and aggregate purposes. CPR is 
also called "digital medical record" or "electronic medical record". 

Computerized Patient Record (CPR): Also known as an EMR or, when in context, EHR. A patient's past, 
present, and future clinical data stored in a server. 

Computerized Physician Order Entry (CPOE): A system for physicians to electronically order labs, 
imaging and prescriptions 

CPT (Current Procedural Terminology) Code: A recognizable five-digit number used to represent a 
service provided by a healthcare provider. It is a manual that assigns five digit codes to medical services 
and procedures to standardize claims processing and data analysis. The coding system for physicians' 
services developed by the CPT Editorial Panel of the American Medical Association. 

[D] 

Data Content: All the data elements and code sets inherent to a transaction, and not related to the 
format of the transaction. 

Data: This is factual information (as measurements or statistics) used as a basis for reasoning, 
discussion, or calculation. It additionally points to the information output by a sensing device or organ 
that includes both useful and irrelevant or redundant information and must be processed to be 
meaningful. 

Database Management System (DBMS): The separation of data from the computer application that 
allows entry or editing of data. 

DICOM (Digital Imaging and Communications in Medicine): Digital Imaging and Communications in 
Medicine (DICOM) is a standard to define the connectivity and communication between medical 
imaging devices. 
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Disease Management: A type of product or service now being offered by many large pharmaceutical 
companies to get them into broader healthcare services. Bundles use of prescription drugs with 
physician and allied professionals, linked to large databases created by the pharmaceutical companies, 
to treat people with specific diseases. The claim is that this type of service provides higher quality of 
care at more reasonable price than alternative, presumably more fragmented, care. The development of 
such products by hugely capitalized companies should be the entire indicator necessary to convince a 
provider of how the healthcare market is changing. Competition is coming from every direction—other 
providers of all types, payers, employers who are developing their own in-house service systems, the 
drug companies. 

Document Imaging: Is a process of converting paper documents into an electronic format usually 
through a scanning process. 

Document Management: The Document Manager allows the medical institution to store vital patient 
documents such as X-Ray's, Paper Reports, and Lab Reports etc. 

Documentation: The process of recording information. 

DOHAD:Developmental Origins of Health and Diseases 

Drug Formulary: Varying lists of prescription drugs approved by a given health plan for distribution to a 
covered person through specific pharmacies. Health plans often restrict or limit the type and number of 
medicines allowed for reimbursement by limiting the drug formulary list. The list of prescription drugs 
for which a particular employer or State Medicaid program will pay. Formularies are either "closed," 
including only certain drugs or "open," including all drugs. Both types of formularies typically impose a 
cost scale requiring consumers to pay more for certain brands or types of drugs. See also Formulary. 

Drug Formulary Database: This EMR feature is used for electronic prescribing, electronic medical record 
(EMR), and computerized physician order entry (CPOE) systems to present formulary status to the 
provider while during the prescribing decision. 

DSM: Diagnostic and Statistical Manual for Mental Diseases 

[E] 

EDI: Acronym for Electronic Data Interchange. Electronic communication between two parties, generally 
for the filing of electronic claims to payers. 

EDI Translator: Used in electronic claims and medical record transmissions, this is a software tool for 
accepting an EDI transmission and converting the data into another format, or for converting a non-EDI 
data file into an EDI format for transmission. See also Electronic Data Interchange. 

EHR/EMR System Designer, Developer, Manufacturer, Vendor, Supplier, Retailer, Re-seller: Any entity 
that is involved in the design, development, testing, manufacturing, supplying, selling including re-selling 
of Electronic Health Records or Electronic Medical Records Systems as a whole or part thereof. 

Electronic Data Interchange (EDI): The automated exchange of data and documents in a standardized 
format. In health care, some common uses of this technology include claims submission and payment, 
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eligibility, and referral authorization. This refers to the exchange of routine business transactions from 
one computer to another in a standard format, using standard communications protocols. 

Electronic Health Records (EHR): is a distributed personal health record in digital format. The EHR 
provides secure, real-time, patient-centric information to aid clinical decision-making by providing 
access to a patient's health information at the point of care. Patient health records including treatment 
history, medical test reports, and images stored in an electronic format that can be accessed by 
healthcare providers on a computer network 

Electronic Medical Records (EMR): A computer-based record containing health care information. This 
technology, when EMR fully developed, meets provider needs for real-time data access and evaluation 
in medical care. Together with clinical workstations and clinical data repository technologies, it provides 
the mechanism for longitudinal data storage and access. A motivation for healthcare entities to 
implement this technology derives from the need for medical outcome studies, more efficient care, 
speedier communication among providers and management of health plans. This record may contain 
some, but not necessarily all, of the information that is in an individual's paper-based medical record. 

Electronic protected health information (ePHI): Electronic protected health information (ePHI) is any 
protected health information (PHI) that is created, stored, transmitted, or received electronically. 
Electronic protected health information includes any medium used to store, transmit, or receive PHI 
electronically. The following and any future technologies used for accessing, transmitting, or receiving 
PHI electronically are covered. Media containing data at rest (data storage) like personal computers with 
internal hard drives used at work, home, or traveling, external portable hard drives, including iPods and 
similar devices, magnetic tape, removable storage devices, such as USB memory sticks, CDs, DVDs, and 
floppy disks, PDAs and smartphones and data in transit, via wireless, Ethernet, modem, DSL, or cable 
network connections, Email, File transfer. (For Protected Health Information - PHI, please see below) 

Encounter: A clinical encounter is defined by ASTM as "(1) an instance of direct provider/practitioner to 
patient interaction, regardless of the setting, between a patient and a practitioner vested with primary 
responsibility for diagnosing, evaluating or treating the patient's condition, or both, or providing social 
worker services. (2) A contact between a patient and a practitioner who has primary responsibility for 
assessing and treating the patient at a given contact, exercising independent judgment." Encounter 
serves as a focal point linking clinical, administrative and financial information. Encounters occur in 
many different settings — ambulatory care, inpatient care, emergency care, home health care, field and 
virtual (telemedicine), [http://www.ncvhs.hhs.gov/040127pl.htm] 

Episode: An episode of care consists of all clinically related services for one patient for a discrete 
diagnostic condition from the onset of symptoms until the treatment is complete 
[http://www.ncmedsoc.org/non_members/pai/PAI-FinalWorkbookforVideo.pdf] Thus, for every new 
problem or set of problems that a person visits his/her clinical care provider, it is considered a new 
episode. Within that episode the patient will have one to many encounters with his/her clinical care 
providers till the treatment for that episode is complete. Even before the resolution of an episode, the 
person may have a new episode that is considered as a distinctly separate event altogether. Thus, there 
may be none, one or several ongoing active episodes. All resolved episodes are considered inactive. 
Hence they become part of the patient's past history. A notable point here is that all chronic diseases 
are considered active and may never get resolved during the life-time of the person, e.g., diabetes 
mellitus, hypertension, etc. 
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EPR: Broadly defined, a personal health record is the documentation of any form of patient 
information-including medical history, medicines, allergies, visit history, or vaccinations-that patients 
themselves may view, carry, amend, annotate, or maintain. Today, when we refer to PHRs, we typically 
mean an online personal health record-which may variously be referred to as an ePHR, an Internet PHR, 
an Internet medical record, or a consumer Internet Medical Record (CIMR). Generally, such records are 
maintained in a secure and confidential environment, allowing only the individual, or people authorized 
by the individual, to access the medical information. Not all electronic PHRs are Internet PHRs. PC-based 
PHRs may be set up to capture medical information offline. 

Evidence Based Medicine: Evidence-based medicine (EBM) is the integration of best research evidence 
with clinical expertise to aid in the diagnosis and management of patients. 

[F] 

Family History: A list of the patient's family medical history including the chronic medical problems of 
parents, siblings, grandparents, etc. 

FHIR: Fast Health Interoperable Resources, the newest version from HL7 org for messaging. 

Formatting and Protocol Standards: Data exchange standards which are needed between CPR systems, 
as well as CPT and other provider systems, to ensure uniformity in methods for data collection, data 
storage and data presentation. Proactive providers are current in their knowledge of these standards 
and work to ensure their information systems conform to the standards. 

Formulary: An approved list of prescription drugs; a list of selected pharmaceuticals and their 
appropriate dosages felt to be the most useful and cost effective for patient care. Organizations often 
develop a formulary under the aegis of a pharmacy and therapeutics committee. In HMOs, physicians 
are often required to prescribe from the formulary. See also Drug Formulary. 

[G] 

Growth Chart: A feature for a Primary Care or EMR that can be used for paediatric patients. Age, height, 
weight, and head measurements can be entered over the patient's lifetime, and the feature creates a 
line graph. 

[H] 

Health Care Operations: Institutional activities that is necessary to maintain and monitor the operations 
of the institution. Examples include but are not limited to: conducting quality assessment and 
improvement activities; developing clinical guidelines; case management; reviewing the competence or 
qualifications of health care professionals; education and training of students, trainees and 
practitioners; fraud and abuse programs; business planning and management; and customer service. 
Under the HIPAA Privacy Rule, these are allowable uses and disclosures of identifiable information 
"without specific authorization." Research is not considered part of health care operations. 

Health Care, Healthcare: Care, services, and supplies related to the health of an individual. Health care 
includes preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, and 
counseling, among other services. Healthcare also includes the sale and dispensing of prescription drugs 
or devices. 
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Health Information: Information in any form (oral, written or otherwise) that relates to the past, present 
or future physical or mental health of an individual. That information could be created or received by a 
health care provider, a health plan, a public health authority, an employer, a life insurer, a school, a 
university or a health care clearinghouse. All health information is protected by state and federal 
confidentiality laws and by HIPAA privacy rules. 

Health Level Seven (HL7): A data interchange protocol for health care computer applications that 
simplifies the ability of different vendor-supplied IS systems to interconnect. Although not a software 
program in itself, HL7 requires that each healthcare software vendor program HL7 interfaces for its 
products. The organisation is one of the American National Standards Institute accredited Standard 
Developing Organization (SDO) - Health Level 7 domain is the standards for electronic interchange of 
clinical, financial and administrative info among healthcare oriented computer systems. Is a not-for- 
profit volunteer organization. It develops specifications, most widely used is the messaging standard 
that enables disparate health care applications to exchange key sets of clinical and administrative data. 
It promotes the use of standards within and among healthcare organizations to increase the 
effectiveness and efficiency of healthcare delivery. It is an international community of healthcare 
subject matter experts and information scientists collaborating to create standards for the exchange, 
management and integration of electronic healthcare information. 

Health: The state of complete physical, mental, and social well-being and not merely the absence of 
disease or infirmity. It is recognized, however, that health has many dimensions (anatomical, 
physiological, and mental) and is largely culturally defined. The relative importance of various disabilities 
will differ depending upon the cultural milieu and the role of the affected individual in that culture. Most 
attempts at measurement have been assessed in terms or morbidity and mortality. 

Healthcare provider: A health care provider is an individual or an institution that provides preventive, 
curative, promotional or rehabilitative health care services in a systematic way to individuals, families or 
communities. An individual health care provider may be a health care professional, an allied health 
professional, a community health worker, any or other person trained and knowledgeable in medicine, 
nursing or other allied health professions, or public/community health workers like , ASHA, ANM, 
midwives, paramedical staff, OT/lab/radio-diagnostic technicians, etc. An institution will include 
hospitals, clinics, primary care centres and other service delivery points of health care individual clinics, 
polyclinics, diagnostic centres, etc., i.e., any place where a medical record is generated during a patient- 
care provider encounter (in conformance to CEA 2010 - please refer to Clinical Establishment item 
above). It must be noted that any person solely performing non-clinical work is not a care provider. 

History of Present Illness (HPI): The HPI is the history of the patient's chief complaint. 

Human Subject: Refers to a living subject participating in research about whom directly or indirectly 
identifiable health information or data are obtained or created. 

Hybrid Record: Term used for when a provider uses a combination of paper and electronic medical 
records during the transition phase to EMR. 


Independent Software Vendor (ISV): A company specializing in making or selling software products that 
runs on one or more computer hardware or operating system platforms. 
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Immunisation: A complete list of all immunizations that the patient has had. 

Informatics: The application of computer technology to the management of information. 

Integration: Integration allows for secure communication between enterprise applications. 

Interface: A means of communication between two computer systems, two software applications or 
two modules. Real time interface is a key element in healthcare information systems due to the need to 
access patient care information and financial information instantaneously and comprehensively. Such 
real time communication is the key to managing health care in a cost effective manner because it 
provides the necessary decision-making information for clinicians, providers, other stakeholders, etc. 

International Classification of Diseases: This is the universal coding method used to document the 
incidence of disease, injury, mortality and illness. A diagnosis and procedure classification system 
designed to facilitate collection of uniform and comparable health information. The ICD-9-CM was 
issued in 1979. This system is used to group patients into DRGs, prepare hospital and physician billings 
and prepare cost reports. Classification of disease by diagnosis codified into six-digit numbers. See also 
coding. 

International Classification of Traditional Medicine (ICTM): The World Health Organization, in 
consultation with a large group of stakeholders in the areas of Traditional Medicine or Complementary 
and Alternative Medicine and Health Information Systems, has developed a collaborative project plan to 
produce an international standard terminology and classification system for Traditional Medicine. The 
mission is to produce an international standard for information on TM that is ready for electronic health 
records and that will serve as a standard for scientific comparability and communication. With 
International Classification of Traditional Medicine, International Standard Terminologies of Traditional 
Medicine, and a web portal that links the TM classification and TM terminologies to the WHO-FIC as the 
listed deliverables. 

International Health Terminology Standards Development Organization (IHTSDO): Denmark-based 
organization that maintains and licenses SNOMED codes worldwide. 

Interoperability: The capability to provide successful communication between end-users across a mixed 
environment of different domains, networks, facilities and equipment. 

ISP: Internet Service Provider 

ISV (Independent Software Vendor):An independent software vendor (ISV) is a company specializing in 
making or selling software, designed for mass or niche markets. This typically applies for application- 
specific or embedded software, from other software producers. 

N] 

J-Codes: A subset of the HCPCS Level II code set with a high-order value of "J" that has been used to 
identify certain drugs and other items. 

[L] 
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LAN (Local Area Network): A LAN supplies networking capability to a group of computers in close 
proximity to each other such as in an office building, a school, or a home. 

Legacy System Integration: The integration of data between a legacy system and some other software 
program most commonly using HL-7 standards. 

Legacy Systems: Computer applications, both hardware and software, which have been inherited 
through previous acquisition and installation. Most often, these systems run business applications that 
are not integrated with each other. Newer systems which stress open design and distributed processing 
capacity are gradually replacing such systems. 

Length of Stay (LOS): The duration of an episode of care for a covered person. The number of days an 
individual stays in a hospital or inpatient facility. May also be reviewed as Average Length of Stay (ALOS). 

LEPR (Longitudinal Patient Record): Longitudinal Patient Record is an EHR that includes all healthcare 
information from all sources. 

Logical Observation Identifiers Names and Codes (LOINC®): The purpose of LOINC® is to facilitate the 
exchange and pooling of clinical results for clinical care, outcomes management, and research by 
providing a set of universal codes and names to identify laboratory and other clinical observations. The 
Regenstrief Institute Inc., an internationally renowned healthcare and informatics research organization, 
maintains the LOINC database and supporting documentation, and the RELMA mapping program. 

[M] 

Management Information System (MIS): The common term for the computer hardware and software 
that provides the support of managing the plan. 

Master Patient / Member Index: An index or file with a unique identifier for each patient or member 
that serves as a key to a patient's or member's health record. 

Maximum Defined Data Set: All of the required data elements for a particular standard based on a 
specific implementation specification. An entity creating a transaction is free to include whatever data 
any receiver might want or need. The recipient is free to ignore any portion of the data that is not 
needed to conduct their part of the associated business transaction, unless the inessential data is 
needed for coordination of benefits. 

MCI: Medical Council of India 

Medical Code Sets: Codes that characterize a medical condition or treatment. These code sets are 
usually maintained by professional societies and public health organizations. Compare to administrative 
code sets. 

Medical Informatics: Medical informatics is the systematic study, or science, of the identification, 
collection, storage, communication, retrieval, and analysis of data about medical care services to 
improve decisions made by physicians and managers of health care organizations. Medical informatics 
will be as important to physicians and medical managers as the rules of financial accounting are to 
auditors. 
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Medical Management Information System (MMIS): A data system that allows payers and purchasers to 
track health care expenditure and utilization patterns. It may also be referred to as Health Information 
System (HIS), Health Information Management (HIM) or Information System (IS). See also Electronic 
Medical Record (EMR). 

MIMS: Monthly Index of Medical Specialities 

Minimum Data Set: The minimum set of data elements that must be captured, stored, made 
available for retrieval, presentation, relay and sharing by an EHR system. It comprises of all of the 
essential data elements required for implementation. An entity creating a transaction must include the 
mandatory data elements at all times and is free to exclude optional data elements. The entity is free to 
additionally include whatever other data elements that any receiver might want or need. The recipient is 
free to ignore any portion of the data that is not mandatory and is further free to ignore any other 
portion of the data that is not needed to conduct their part of the associated transaction, unless 
required by sender, intermediaries or receiver. This minimum data set represents the most 
common data, and system designers are at liberty to add to it as they deem necessary to enrich or 
enhance their EHR systems. 

Modifier: Additional character of a code added to an existing code that is used to help in extending or 
localization of the existing code. 

[N] 

NANDA: North American Nursing Diagnosis Association 

National Council for Prescription Drug Programs: An ANSI-accredited group that maintains a number of 
standard formats for use by the retail pharmacy industry. 

Non-Participating Physician (or Provider): A provider, doctor or hospital that does not sign a contract to 
participate in a health plan, usually which requires reduced rates from the provider. In the Medicare 
Program, this refers to providers who are therefore not obligated to accept assignment on all Medicare 
claims. In commercial plans, non-participating providers are also called out of network providers or out 
of plan providers. If a beneficiary receives service from an out of network provider, the health plan 
(other than Medicare) will pay for the service at a reduced rate or will not pay at all. 

[O] 

Open Access: A term describing a member's ability to self-refer for specialty care. Open access 
arrangements allow a member to see a participating provider without a referral from another doctor. 
Health plan members' abilities, rights or invitation to self refer for specialty care. Also called Open Panel. 

openEHR:openEHR is an open standard specification in health informatics that describes the 
management and storage, retrieval and exchange of health data in electronic health records (EHRs). In 
openEHR, all health data for a person is stored in a "one lifetime", vendor-independent, person-centred 
EHR. Maintained by the openEHR Foundation, these are based on a combination of 15 years of 
European and Australian research and development into EHRs and new paradigms, including what has 
become known as the archetype methodology for specification of content and include information and 
service models for the EHR, demographics, clinical workflow and archetypes. They are designed to be 
the basis of a medico-legally sound, distributed, versioned EHR infrastructure. 
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OR: Operating Room - synonymous to OT as below 
OT: Operation Theatre 

OTC: Over the counter (drugs). Refers to those drugs that are available off the shelf without any 
prescription or advise from a registered medical practitioner 

Outcome: A clinical outcome is the "change in the health of an individual, group of people or population 
which is attributable to an intervention or series of interventions". (Taken from: Frommer, Michael; 
Rubin, George; Lyle, David (1992)."The NSW Health Outcomes program". New South Wales Public 
Health Bulletin 3: 135. doi:10.1071/NB92067) 

Outpatient Care: Care given a person who is not bedridden. It is also called ambulatory care. Many 
surgeries and treatments are now provided on an outpatient basis, while previously they had been 
considered reason for inpatient hospitalization. Some say this is the fastest growing segment of 
healthcare 

[P] 

Participating Physician: A primary care physician in practice in the payer's managed care service area 
who has entered into a contract. 

Past History: A list of a patient's past health problems, surgeries and specialists. 

Patient Demographics: All patient's pertinent information such as first and last name, SSN, DOB, 
insurance, etc. 

Patient Portal: A secure web-based system that allows a patient to register for an appointment, 
schedule an appointment, request prescription refills, send and receive secure patient-physician 
messages, view lab results, pay their bills electronically, access physician directories. 

Patient: A person who is under medical care or treatment 

PC Based: A program designed to run on an individual PC. This typically means data is not shared in real 
time among other PCs (users). 

PCP: Primary care physician who often acts as the primary gatekeeper in health plans. That is, often the 
PCP must approval referrals to specialists. Particularly in HMOs and some PPOs, all members must 
choose or are assigned a PCP. 

PHR: A personal health record or PHR is typically a health record that is initiated and maintained by an 
individual. An ideal PHR would provide a complete and accurate summary of the health and medical 
history of an individual by gathering data from many sources and making this information accessible 
online. 

Picture Archive Communication System (PACS): Used by radiology and diagnostic imaging organizations 
to electronically manage information and images 
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Practice Parameters, Practice Guidelines: Systematically developed statements to standardize care and 
to assist in practitioner and patient decisions about the appropriate health care for specific 
circumstances. Practice guidelines are usually developed through a process that combines scientific 
evidence of effectiveness with expert opinion. Practice guidelines are also referred to as clinical criteria, 
protocols, algorithms, review criteria, and guidelines. The American Medical Association defines practice 
parameters as strategies for patient management, developed to assist physicians in clinical decision¬ 
making. Practice parameters may also be referred to as practice options, practice guidelines, practice 
policies, or practice standards. 

Prescription Drug: Drug that the law says can only be obtained by prescription. 

Primary Care Physician: A "generalist" such as a family practitioner, pediatrician, internist, or 
obstetrician. In a managed care organization, a primary care physician is accountable for the total health 
services of enrollees including referrals, procedures and hospitalization. Also see Primary Care Provider. 

Primary Care Provider: The provider that serves as the initial interface between the member and the 
medical care system. The PCP is usually a physician, selected by the member upon enrollment, who is 
trained in one of the primary care specialties who treats and is responsible for coordinating the 
treatment of members assigned to his/her plan. 

Primary Care: Basic or general health care usually rendered by general practitioners, family 
practitioners, internists, obstetricians and pediatricians who are often referred to as primary care 
practitioners or PCPs. Professional and related services administered by an internist, family practitioner, 
obstetrician-gynecologist or pediatrician in an ambulatory setting, with referral to secondary care 
specialists, as necessary. 

Principal Diagnosis: The medical condition that is ultimately determined to have caused a patient's 
admission to the hospital. The principal diagnosis is used to assign every patient to a diagnosis related 
group. This diagnosis may differ from the admitting and major diagnoses. 

Privacy Standards: The Privacy standards restrict the use & disclosure of individually identifiable health 
information. Privacy standard applies to all protected health information may it is in physical or 
electronic form. 

Privacy: Privacy means an individual's interest in limiting who has access to personal health care 
information. Specific patient authorization is required for use and disclosure of clinical notes. As per 
Fernando & Dawson, 2009, privacy is control of access to private information avoiding certain kinds of 
embarrassment and can be shared or not shared with others; Only authorized (by the patient) people 
can view the recorded data or part thereof 

Progress Note: The documentation of a patient visit or encounter including all or part of the SOAP 
format. 

Protected health information (PHI): Any individually identifiable information whether oral or recorded 
in any form or medium that is created, or received by a health care provider, health plan or health care 
Healthcare provider and relates to past, present, or future physical or mental health conditions of an 
individual; the provision of health care to the individual; or past, present, or future payment for health 
care to an individual. 
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[R] 

Real Time: The instantaneous sharing of data among a user group. It is common to a client/server 
database configuration. 

Referral: Some insurance companies require that on specific plans a referral must be obtained for 
certain procedures or visits to specialists. The referral is acquired by the primary care physician (PCP) by 
contacting the insurance company by phone or mail. This is a request for the service. The referral 
consists of an authorization code, a number of visits allowed (if applicable) and an expiration date. 

Referring Provider: is the provider that referred the patient to a specialist or for a specific procedure. 

Relational Database: A database program that stores data in a manner similar to Excel, with the 
difference being the data elements are related (linked) to each other. 

Remote Access: Data travels through a private, protected passage via the Internet, allowing healthcare 
providers to access from home or another practice location and allows EMR vendor to perform system 
maintenance off-site 

Rendering/Performing Provider: The provider actually treating the patient. 

Roles and Access Levels:The role and access level of the user needs to be determined and set by the 
system administrator. The role determines the access level. While roles may be such as system 
administrator, medical doctor, registered nurse, medical student, medical assistant, nurse assistant, 
ancillary nurse, health worker, anganwadi worker, etc., the access levels may include viewing only, 
viewing/adding/editing only, viewing/adding/editing/deleting, all allowed etc. These need to be set out 
clearly in the SOP of the facility. 


ROS (Review of Systems): A series of questions related to the system(s) that the patient is having 
complaints about (i.e. respiratory for cold symptoms). 

RXNORM:RxNorm is the name of a US-specific terminology in medicine that contains all medications 
available on US market; it provides normalized names for clinical drugs and links its names to many of 
the drug vocabularies commonly used in pharmacy management and drug interaction software. 

[S] 

Secondary Care: Services provided by medical specialists who generally do not have first contact with 
patients (e.g., cardiologist, urologists, dermatologists). In the U.S., however, there has been a trend 
toward self-referral by patients for these services, rather than referral by primary care providers. This is 
quite different from the practice in England, for example, where all patients must first seek care from 
primary care providers and are then referred to secondary and/or tertiary providers, as needed. 

Security Standards: The Security Standards require measures to protect the confidentiality, integrity and 
availability of e-PHI while it's being stored & exchanged. The security standard applies to all electronic 
PHI. 
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Security: This refers to the methods and techniques adopted to protect privacy and are a defense 
mechanism from any attack (Hong et al., 2004) 

SNOMED: Systemized Nomenclature of Medicine Clinical Terms is the universal health care 
terminology. It is comprehensive and covers procedures, diseases, and clinical data. SNOMED CT helps 
to structure and computerize the medical record. It allows for a consistent way of indexing, storing, 
retrieving and aggregating clinical data across sites of care (i.e. hospitals, doctors offices) and specialties. 
By standardizing the terminology, the variability in the way data is captured, encoded and used for 
clinical care of patients and research is reduced. Allows for more accurate reporting of data. It is 
currently available in English, Spanish and German. 

Social History: A description of a patient's social habits and history including marital status, alcohol and 
drug use and exercise habits. 

Solo Practice, Solo Practitioner: A physician who practices alone or with others but does not pool 
income or expenses. This form of practice is becoming increasingly less common as physicians band 
together for contracting, overhead costs and risk sharing. 

SOP: Standard operating procedures or protocols 

SQL: Structured Query Language - is a computer language aimed to store, manipulate and retrieve data 
stored in relational databases. 

Subjective: Section in a progress note where a patient's account of their current problem is 
documented. Consists of chief complaint, HPI and ROS. 

Sx: Abbreviation for symptoms 

[T] 

Tl, T3 line: A high-speed internet connection provided via telephone lines often used by businesses 
needing internet connection speeds greater than DSL/Cable. 

Therapeutic Alternatives: Strong Drug products that provide the same pharmacological or chemical 
effect in equivalent doses. Also see Drug Formulary. 

TPA: Third Party Administrator 

Treatment Episode: The period of treatment between admission and discharge from a modality, e.g., 
inpatient, residential, partial hospitalization, and outpatient, or the period of time between the first 
procedure and last procedure on an outpatient basis for a given diagnosis. Many healthcare statistics 
and profiles use this unit as a base for comparisons. 

Treatment: The provision of health care by one or more health care providers. Treatment includes any 
consultation, referral or other exchanges of information to manage a patient's care. 

[V] 
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Vital Statistics: Statistics relating to births (natality), deaths (mortality), marriages, health, and disease 
(morbidity). Vital statistics for the United States are published by the National Center for Health 
Statistics. Vital statistics can be obtained from CDC, state health departments, county health 
departments and other agencies. An individual patient's vital statistics in a health care setting may also 
refer simply to blood pressure, temperature, height and weight, etc. 

VPN: Virtual Private Network - A VPN "tunnel" is a secure connection, typically firewall to firewall that 
provides for remote access to your data server. 

[X] 

XML (Extensible Markup Language): Used for defining data elements on a Web page and 
communication between two business systems. Example: Standard messaging system for and EMR to 
integrate with another software such as a practice management or drug formulary database. 
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11. FORMAT FOR MEDICAL RECORDS 

(As specified by Medical Council of India under regulation 3.1) 

Name of the patient: 

Age: 

Sex: 

Address: 

Occupation: 

Date of lst visit: 

Clinical note (summary) of the case: 

Provisional Diagnosis: 

Investigations advised with reports: 

Diagnosis after investigation: 

Advice: 

Follow up 
Observations: 

Date: 

Signature in full 


Name of Treating Physician 
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Z.28011/5/2010-CBHI Part-2 
Government of India 

Department of Health and Family Welfare 
***** 

Nirman Bhawan, New Delhi 
Dated: 01 st September, 2014 
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Office Memorandum 


Subject: Constitution of Fourth Sub Group under EHR/EMR Standards Committee 

The “Electronic Health Record (EHR) Standards for India” were notified by Ministry of 
Health & Family Welfare, Government of India in August 2013. It is recognized that issues 
relating to security and confidentiality of the electronic health records are extremely relevant 
for implementation of the standards. 

2. In this regard, three sub groups have already been formed for EHR standards vide OM 
No. Z.28015/79/2010-Hosp. dated 19/10/2010. 

3. It is now decided to constitute the Fourth sub-group, i.e. "Legal sub-group" which will 
look into accessibility, privacy and confidentiality of the patient data. The composition of the 
Fourth sub-group proposed to carry out the said activity is as follows: 


1 . 

Shri R.K. Jain, AS&DG(CGHS), Ministry of Health & Family 
Welfare, New Delhi 

Chairman 

2. 

Shri K.L. Sharma, Joint Secretary (Regulation), Ministry of 
Health & Family Welfare, New Delhi 

Member 

3. 

Mr. B.S. Bedi, Advisor, Centre for Development of 

Advanced Computing 

Member 

4. 

Mr. V P Singh, Assoc. Professor, Dept, of Forensic 

Medicine, Dayanand Medical College & Hospital, Ludhiana 

Member 

5. 

Mr. Arvind Sivaramakrishnan, Chief Information Officer, 
Apollo Hospitals Enterprise Ltd, Chennai 

Member 

6. 

Prof. Naresh Gupta, Director - Professor, Maulana Azad 
Medical College and Associated Hospital, New Delhi 

Member 

7. 

Representative, UIDAI, New Delhi 

Member 

8. 

Representative, DeitY, New Delhi 

Member 


4. Terms of reference of the Legal Sub-Group are as follows: 

• Review of the relevant legal provisions 

• Other issues relating to confidentiality, security of patient health records and access 
thereto. 
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Payment: All non-official members of the Sub-Groups, who are outstation, will be eligible for 
reimbursement of air travel by the economy class / shortest direct route. All non-official 
members will be eligible for reimbursement @ Rs. 1500/- per diem as sitting fee for 
attending the Sub-Group’s meetings. Out station non-official members will also be entitled 
for reimbursement of hotel accommodation expenses as per actual subject to a ceiling of 
Rs. 6500/-. TA/DA of official members of the Sub-Groups for attending the meetings shall be 
met from the same source from which their salary is drawn. 

This issues with the approval of Secretary (HFW). 



(Jiterwa Arora) 
Director (eGov) 


To: 


1) All Members of Legal Sub Group (as per list attached) 

2) All Members of EHR Standards Committee (as per list attached) 


Copy to: 


1) Secretary, Department of Electronics and Information Technology, Electronics 
Niketan, 6 CGO Complex, Lodi Road, New Delhi - 110003. It is requested that an 
officer of Director Level and above may kindly be nominated for Legal Sub 
Group. 

2) Director General, Unique Identification Authority of India, Planning Commission, 
Government of India,3rd Floor, Tower II, Jeevan Bharati Building, Connaught Circus, 
New Delhi - 110001. It is requested that an officer of Director Level and above 
may kindly be nominated for Legal Sub Group. 

3) Shobha Mishra Ghosh, Senior Director, FICCI, New Delhi. 


Copy for kind information to: 


1) PPSto AS&DG(CGHS) 

2) PPS to JS(NBD) 
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Z. 18015/13/2013-MMPC 
Government of India 

Department of Health and Family Welfare 
Mission Mode Project Cell 

jje * j(c sjc jje 

Nirman Bhawan, New Delhi 
Dated: 14 th February, 2014 


Office Memorandum 

Subject: Constitution of Implementation Committee for monitoring and 
implementation of the EHR standards 

The “Electronic Health Record Standards for India” was notified by the Ministry of 
Health & Family Welfare, Government of India in August 2013 and there is a need to 
involve various stakeholders for smooth & timely adoption of the standards. 

It is decided to constitute an Implementation Committee for suggestions strategies & 
other necessary actions for implementation of the EHR standards. The composition of the 
Implementation Committee is as follows: 


a. 

Shri R.K. Jain , AS& DG (CGHS), MoHFW 

Chairman 

b. 

Shri Arun Panda, Jt. Secy., MoHFW 

Member 

c. 

Shri Rajendra Kumar, Jt. Secy., DeitY 

Member 

d. 

Shri N.B. Dhal, Jt. Secy., MoHFW 

Member 

e. 

Shri Rajiv Sadanand , Jt. Secy., Ministry of Labour and 
Employment & Mission Director, RSBY 

Member 

f. 

Dr. S.N. Sarbadhikari, Project Director, Centre for Health 
Informatics, National Health Portal 

Member 

g- 

Dr. Madhu Raikwar, Director , CBHI 

Member 

h. 

DG , Unique Identification Authority of India (UIDAI) 

Member 

i. 

DG, NIC 

Member 

j- 

DG, CDAC 

Member 
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k. 

Secretary (Health), Government of Tamil Nadu 

Member 

1 . 

Secretary (Health), Government of Gujarat 

Member 

m. 

Secretary (Health), Government of Odisha 

Member 

n. 

Secretary (Health), Government of Punjab 

Member 

0 . 

Secretary (Health), Government of Tripura 

Member 

P- 

Representative from Insurance Regulatory and 

Development Authority (IRDA) 

Member 

<F 

Representative of NASSCOM 

Member 

r. 

Representative of Indian Medical Association 

Member 

s. 

Representative of WHO 

Member 

t. 

Representative of FICCI 

Member 

u. 

Shri Sanjay Kumar, Deputy Director -Mission Mode 

Project Cell (MMPC) 

Convenor 


3. This issues with the approval of Secretary (H&FW) 


<K*i 

Sanjay Kumar 

Dy. Director (MMPC), D/o HFW 


To: 

{All members of the EHR Implementation Committee} 

Copy for information to: 

1. PS to AS & DG(CGHS), MoHFW 

2. PS to Joint Secretary (e-Gov & NUHM) 
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Subject: Minutes of the first Meeting of the Electronic Health Record (EHR) 

review committee held on 26 th August 2015 


The undersigned is directed to circulate the minutes of the first meeting of EHR 
Review Committee held on 26 th August, 2015 in MoHFW under the Chairmanship of 
Shri N B Dhal, JS (eGov). 


(Sunita Dhaundiyal) 
Under Secretary to the Gol 
Telephone: 23061843 
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2. Shri Sunil Kumar-STD, NIC, MoHFW 

3. Ms Kavita Bhatia - Addl Director, DeitY 

4. Prof S N Sarbadhikari - Project Director, CHI of NHP 
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6. Shri Gaur Sunder - PTO, C-DAC Pune 

7. Dr Rajesh Narwal - Technical Officer Health System 

8. Shri Sudhir Saxena - VP NISG 

9. Dr S B Bhattacharyya - Head Health Informatics, TCS 

10. Dr Karanvir Singh - CMIO, Apollo Hospitals 

11. Ms Shobha Mishra Ghosh - Senior Director, FICCI 
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Department of Health & Family Welfare 
e-Governance Division 

Subject: Minutes of the First Meeting of the Electronic Health Record (EHR) Review Committee held on 
26 th August, 2015 


The first meeting of 'EHR Standards Review Committee' was held on 26 th August, 2015 at 
4:00 P.M. in the Room No.406, A -Wing, Nirman Bhawan, Ministry of Health & Family Welfare under 
the Chairmanship of Shri N B Dhal, JS(eGov). Shri K B Agarwal, AS, MoHFW also joined the meeting. 
Representatives from WHO, FICCI and NISG attended the meeting as special invitees. The list of 
participants is placed at Annexure - A. 

2. Shri N.B. Dhal, JS(eGov) welcomed the participants and briefed them about the overall 
objective/purpose of EHR Standards which had been notified by MoHFW in September 2013 after 
detailed deliberations with various stakeholder groups. He highlighted that EHR Standards being a 
living document needed to be reviewed/updated periodically - for ensuring compliance with the 
prevailing global standards, practices etc. Accordingly, it was decided with approval of the 
competent authority to constitute a committee to review the EHR standards- 'EHR Review 
Committee' (copy of order placed at Annexure B). The representatives from FICCI (which 
coordinated the task for notification of EHR Standards in 2013), WHO and NISG were invited to 
attend the first meeting of EHR Standards Review Committee. 

3. JS(eGov) mentioned about approach that may be followed to obtain comments from 
stakeholders regarding revision of the EHR Standards document and sought views of the Review 
Committee members on whether the Ministry should seek suggestions from various stakeholders on 
the already notified standards through Ministry's website, MyGov platform etc. and entrust 
institution/organisation like Centre for Health Informatics (CHI) -NIHFW or C-DAC, Pune to carry out 
the coordination role. JS(eGov) thereafter requested Shri B.S. Bedi, Advisor, CDAC to brief the 
participants further on the subject. 

4. Shri B.S. Bedi provided a brief background to the detailed task carried out MoHFW and its 
EHR Standards Committee related to adoption and notification of standards. He emphasized upon 
the need for review / revision of the standards as it has already been two years since the standards 
were notified. 

5. Dr. S.B. Bhattacharya, Head Health Informatics, TCS informed the participants that some 
suggestions had already been received by the members of EHR Standards Committee and it would 
be appropriate that those suggestions be examined by the Review Committee members. He 
proposed that a sub-group - comprising self, Shri Gaur Sunder (CDAC-Pune) & Shri S.N. Sarbadhikari 
(Project Director, CHI) - may be formed under the Review Committee and entrusted with the task of 
preparing a revised draft of the Standards. And once a revised document is drafted on the 
Standards, it may be put in public domain for seeking suggestions/feedback. Shri Gaur Sunder 
mentioned that iNRC SNOMED-CT had also received few suggestions on the EHR Standards 
document and the same could be examined. 
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6. Shri Bedi supported to the above mentioned suggestions on approach to be taken for 
review/revision of the Standards. He pointed out that the Review Committee also needed to address 
the issue of inconsistencies between the draft Metadata & Data Standards (MDDS) prepared by the 
MDDS Committee for Health Domain and the notified EHR Standards. 

7. Shri Sunil Bhushan, Senior Technical Director, NIC and a member of MDDS Committee 
mentioned that most of the issues pertaining to inconsistencies between MDDS draft and EHR 
Standards had been jointly deliberated and resolved. However, there are still some instances of 
inconsistency, which could be resolved during the course of review/revision of EHR Standards. 

8. Shri Arvind Sivaramakrishnan, CIO, Apollo Hospitals also stated that the inconsistencies 
between the draft MDDS document & EHR standards document should be resolved and 
appropriately incorporated in the revised EHR Standards. 

9. Ms. Kavita Bhatia, Scientist-E, eGov, DeitY made a submission to the Review Committee that 
DeitY had already published MDDS for Demographics in 2011 and the same had already been 
adopted by various Ministries. Therefore, it is requested that the Review Committee should adopt 
the Demographics MDDS while revising the EHR Standards to ensure interoperability and coherence 
with other eGovernance projects. 

10. Thereafter, JS(eGov) apprised AS(eGov) and other participants about 'India Health 
Information Network (IHIN)' - a network consisting of broad spectrum of participants from different 
quarters of healthcare sector- constituted by MoHFW in January 2015 for eHealth 
knowledge/experience sharing, to act as think-tank for policy level issues etc. Currently, FICCI is 
facilitating and coordinating the activities of IHIN. IHIN has formulated different working groups 
including one on EHR Standards and the suggestions made by this working group may be shared 
with the Review Committee. 

11. JS(eGov) further mentioned that DeitY had raised concerns about SNOMED CT not being 
open standards. This issue was discussed in detail with iNRC team and the members of EHR 
Standards Committee. Accordingly a reply was sent by Secretary(HFW) to Secretary(DeitY) 
highlighting key features - wide scale use of SNOMED CT in around 85 countries, its 
comprehensiveness etc.- and that DeitY was involved in the decision taken to obtain license of 
IHTSDO. He then requested the participants to share their views on this issue. 

12. Ms. Kavita Bhatia stated that DeitY had some reservations whether SNOMED-CT meets the 
requirements of the policy on Open Standards, it involves payment of royalty. Therefore DeitY 
sought clarifications regarding structure of IHTSDO, role/influence of private sector organizations in 
IHTSDO, any migration issues once new standards come up, efforts being put in for awareness 
creation / promotion of SNOMED-CT etc. 
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13. The responses of EHR Review Committee Members regarding the concern raised and 
clarifications sought by DeitY representative on SNOMED CT are summarized below: 

• It is a clinical terminology/vocabulary/ coding system, not software. It has functions in medical 
domain like ASCII / UNICODE has in computers. 

•It is the only clinical terminology code system that has successfully been able to meet 
requirements of the clinicians for a proper code system to capture clinical observations into the 
system without having to resort to free text. It is a very comprehensive code system and 
links/maps with all other major coding system in healthcare- WHO's ICD-10, LOINC codes etc. and 
almost all other standards in health informatics like; DICOM, HL7, EHRCom, etc. support using 
SNOMED CT codes. It can take care of semantic interoperability. 

•SNOMED CT can be used in any Hospital Information System and EHR software and as per the 
decision taken by MoHFW, it is available free of cost/royalty for use in India. It doesn't limit or 
bound any user to use it in its entirety. SNOMED-CT is structured in such a manner that it 
supports open framework and there would not be any migration issue in future. 

• Regarding being open vs. subscription, it is mentioned that IHTSDO is akin to any other Standard 
Development Organization (SDO). Most SDOs also charge a fee for using, referring, distribution of 
standards among members and non-members and India pays a membership fee to ITU, WHO etc. 
for using their standards. IHTSDO's governance structure is similar in nature to ITU, ISO, IEEE etc. 
and is a non-profit organization with about 30 nations as members; private vendor organizations 
don't form part of IHTSDO. 

• India being a country member of IHTSDO could be able to strategically participate in the overall 
process/structure of standards formulation/revision keeping its local requirements in view. India 
could also promote inclusion of AYUSH in the clinical terminology standards/codes, in future. 
Over 85 countries are using SNOMED CT including in Asia-pacific region and its coverage is 
continuously increasing. 

14. Based on detailed discussions, the following decisions were taken in the meeting: 

•Sub-committee comprising Shri B.S. Bedi, Shri Bhattacharya & Shri Gaur Sunder will prepare a 
draft version of the revised EHR Standards and the same would be presented before the Review 
Committee in a month's time. 

•All the inconsistencies highlighted between EHR Standards and draft MDDS should be resolved 
and appropriately incorporated in the revision. For clinical terms the EHR Standards should 
supersede the draft MDDS and convergence should be ensured with the Demographics MDDS 
already notified in 2011 by DeitY. 

•The Review Committee should meet after one month. 

The meeting ended with vote of thanks to the chair and the participants 
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Annexure - A 

List of Participants 

1. Shri Jitendra Arora - Director, eGov 

2. Shri Sunil Kumar-STD, NIC, MoHFW 

3. Ms Kavita Bhatia - Addl Director, DeitY 

4. Prof S N Sarbadhikari - Project Director, CHI of NHP 

5. Shri B S Bedi - Advsior, C-DAC 

6. Shri Gaur Sunder - PTO, C-DAC Pune 

7. Dr Rajesh Narwal - Technical Officer Health System 

8. Shri Sudhir Saxena - VP NISG 

9. Dr S B Bhattacharyya - Head Health Informatics, TCS 

10. Dr Karanvir Singh - CMIO, Apollo Hospitals 

11. Ms Shobha Mishra Ghosh - Senior Director, FICCI 

12. Shri Chandrasen - PL (ePMU) 

13. Shri Nikhil - Consultant eGov 

14. Shri Bhanu Prakash - Consultant ePMU 
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Subject: Minutes of the Second Meeting of the Electronic Health Record (EHR) 
Standards Review Committee held on 14 th December, 2015 

The second meeting of ‘EHR Standards Review Committee’ was held on 14 th 
December, 2015 at 3:30 P.M. in the Room No.406, A -Wing, Nirman Bhawan, 
Ministry of Health & Family Welfare under the Chairmanship of Shri Sunil Sharma, 
JS (eGovernance). Representatives from WHO attended the meeting as special 
invitees. The list of participants is placed at Annexure - A. 

2. Shri Sunil Sharma, JS(eGov) welcomed the participants and briefed about 
the overall objective/purpose of EHR Standards which had been notified by MoHFW 
in August 2013 after detailed deliberations with various stakeholder groups. He 
thereafter asked Shri Jitendra Arora, Director (eGovernance) to brief the 
participants. 

3. Director (eGov) briefed the participants that based on the decisions taken in 
the last meeting held on 26 th August, 2015 a sub-committee under the “EHR 
Review Committee” comprising of Shri B.S. Bedi, Shri S.B. Bhattacharya & Shri 
Gaur Sunder was entrusted with the task of preparing the revised version of EHR 
Standards. Thereafter, Director(eGov) requested Shri Bedi to present the same 
before the Review Committee. 

4. Shri B.S. Bedi provided a brief background on the detailed task carried out 
by the sub-committee related to revision/ updatiton of the standards. Thereafter, 
he along with Shri Bhattacharya & Shri Gaur Sunder made a presentation 
highlighting the key revisions proposed in the EHR Standards 2013. The copy of 
presentation is placed at Annexure-B. 

5. The sub-committee members, after concluding the presentation, requested 
that the revised EHR Standards may be reviewed& deliberated upon by the EHR 
Review Committee and thereafter once approved, the same be notified as updated 
EHR Standards. They also requested that revisedset of EHR Standards once 
finalised & approvedmay be forwarded to Bureau of Indian Standards for 
consideration of adopting those listed standards as Indian Standards as well. 

6. Further, Shri Sunil Bhushan, Senior Technical Director, NIC stated that a 
reference to imaging standards notified by Deity may be incorporated in the 
document regarding imaging standard being proposed in the revised standards. 
Dr. Karanvir Singh suggested that different modalities such as mammogram may 
require slightly higher resolution than the proposed. It was requested that Shri 
Sunil Bhushan and Dr. Karanvir Singh may accordingly share the details with the 
Committee so that imaging standards may be set. 

7. Shri Amit Mishra, NHSRC requested that the EHR Review Committee may 
look at national level Public Health Information Systems like Mother & Child 
Tracking System, Health Management Information System and identify areas where 
SNOMED-CT can be utilized in an efficient manner. Mr. Gaur Sunder suggested 
that earlier formed MDDS Committee or NHSRC can study and propose standard 
compliant (open EHR archetypes) structures, where not already covered in existing 
archetypes used internationally, that are relevant for capture of clinical data in 
above mentioned national programs. 
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Receipt members also discussed & opined that in public 

health systems, for clinical aspects, EHR standards may be followed and MDDS 
may address standards for non-clinical aspects if so required and suggested by 
MDDS committee.The committee members also discussed on the issue of how to 
address validity of the EHR Standards notified in August 2013 in the context of the 
revised standards, to be notified after due process. 


9. Based on detailed discussions, the following decisions were taken in the 
meeting: 

• The revised EHR Standards document prepared by Sub-committee 
comprising Shri B.S. Bedi, Shri Bhattacharya & Shri Gaur Sunder may be 
circulated to all members for their comments, inputs and suggestions. 

• eGovernance Division, MoHFW may coordinate with Drug Controller 
General of India (DCGI) under the gamut of Central Drugs Standard Control 
Organization (CDSCO) to facilitate building standard compliant drug codes 
(i.e. encoded list of drugs and required details) for use in EHR as 
standalone standard or as an India-specific national drug extension of 
SNOMED CT. Appropriate protocol for building and timely updates may be 
evolved between the Ministry and DCGI. 

• The next meeting of Review Committee should be convened after one 
month. 


The meeting ended with vote of thanks to the chair and the participants. 
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6. Shri B S Bedi, Adviser,CDAC 

7. Prof S N Sarbadhikari, Project Director,CHI of NHP, NIHFW 

8. Dr Karanvir Singh, CMIO, Apollo Hospitals 

9. Shri Rajesh Narwal, Technical Officer,WHO 

10.Shri Balwant Godare, Consultant,WHO Country office 
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Government of India 
Ministry of Health & Family Welfare 

(e-Governance Division) 

*** 


New Delhi, dated the | cj April,2016 

NOTICE 

Subject: Placing the Electronic Health Record (EHR) Standards for India on Public domain 

for comments/views-reg. 

In 2013, Ministry of Health and Family Welfare notified Electronic Health Records 
(EHR) Standards for India. The set of Standards given therein were chosen from the best available 
and used standards applicable to EHRs from around the world keeping in view their suitability and 
applicability in India. Now these Standards have been improvised and made according to the ever 
changing need of the mass. Accordingly, the revised EHR Standards for India which has been notified 
in February, 2016 have been placed in public domain with a view to elicit comments/views of the 
stakeholders including the general public. 

The last date for comments has been extended upto 20 th May, 2016. The 
comments/views may be forwarded to Director (e-Governance Division), Ministry of Health and 
Family Welfare, Room No 307-D, Nirman Bhawan, New Delhi-110108 or emailed at 
jitendra.arora@gov.in on or before 20 th May, 2016. 



(Jitendra Arora) 
Director 
MoHFW 
Phn No. 23062317 
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Government of India 
Ministry of Health & Family Welfare 

(e-Governance Division) 

*** 

1 8 ^ 

New Delhi, dated the March, 2016 


NOTICE 


Subject: Placing the Electronic Health Record (EHR) Standards for India on public 

domain for comments/views-reg. 

In 2013, Ministry of Health and Family Welfare notified Electronic Health 
Records (EHR) Standards for India. The set of Standards given therein were chosen from the 
best available and used standards applicable to EHRs from around the world keeping in view 
their suitability and applicability in India. Now these Standards have been improvised and 
made according to the ever changing need of the mass. Accordingly, the revised EHR 
Standards for India which has been notified in February, 2016 have been placed in public 
domain with a view to elicit comments/views of the stakeholders including the general 
public. 


The comments/views may be forwarded to Director (e-Governance Division), 
Ministry of Health and Family Welfare, Room No 307-D, Nirman Bhawan, New Delhi-110108 
or emailed at jitendra.arora@gov.in on or before 20 th April, 2016. 



(Jitendra Arora) 
Director 


MoHFW 
Phn No. 23062317 
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EXECUTIVE SUMMARY 


Executive Summary 

INTRODUCTION 

In September 2013 the Ministry of Health & Family Welfare (MoH&FW) notified the Electronic Health 
Record (EHR) Standards for India. The set of standards given therein were chosen from the best available 
and used standards applicable to Electronic Health Records from around the world keeping in view their 
suitability and applicability in India. The Committee constituted to recommend the standards drew from 
experts, practitioners, government officials, technologists, and industry. The notified standards were not 
only supported by professional bodies, regulatory bodies, stakeholders, but various technical and social 
commentators as well as being a step in the right direction. MoH&FW moved ahead with facilitating the 
adoption, as next steps, and in last two years the Ministry has made available standards like SNOMED CT 
free for use in country as well as appoint interim National Release Center (NRC) to handle this clinical 
terminology standard that is fast gaining widespread acceptance amongst the various healthcare IT 
stakeholder communities worldwide. 

At the time of notifying the standards in September 2013, it was understood that the standards themselves 
will continue to evolve over time. Consequently, it was accepted that this notification will require revision 
from time to time. This becomes all the more necessary as understanding of those standards, their 
implementation and the expectations from the healthcare systems improve. Hence, MoH&FW constituted 
an expert group to review the earlier notified set of standards based on the experience and eyes firmly on 
the future. The set of standards provided herein represents the recommendations of the Expert Committee 
arrived at after deliberating on the various aspects of standardizations in healthcare record systems. The 
Committee also carefully examined the provisions of open standards and the guidelines as per the norms 
suggested by DeitY, MCIT, Government of India and recommended the standards given later in the 
document. 

NEED FOR ELECTRONIC HEALTH RECORD 

For a health record of an individual to be clinically meaningful it needs to be from conception or birth, at 
the very least. As one progresses through one's life, every record of every clinical encounter represents a 
health-related event in one's life. Each of these records may be insignificant or significant depending on the 
current problems that the person is suffering from. Thus, it becomes imperative that these records be 
available, arranged, and be clinically relevant to provide a summary of the various clinical events in the life 
of a person. 

An Electronic Health Record (EHR) is a collection of various medical records that get generated during any 
clinical encounter or events. With rise of self-care and homecare devices and systems, meaningful 
healthcare data get generated 24x7 and also have long-term clinical relevance. The purpose of collecting 
medical records, as much as possible, are manifold - better and evidence based care, increasingly accurate 
and faster diagnosis that translates into better treatment at lower costs of care, avoid repeating 
unnecessary investigations, robust analytics including predictive analytics to support personalized care, 


Page 1 





77 


File No. Q-11011 /2/2016-eGov (Computer No. 3062309 ) 
Receipt No : 289539/2016/MOHFW 


EXECUTIVE SUMMARY 


improved health policy decisions based on better understanding of the underlying issues, etc., all 
translating into improved personal and public health. 

Without standards, a lifelong medical record is simply not possible, as different records from different 
sources spread across ~80+years potentially needs to be brought meaningfully together. To achieve this, a 
set of pre-defined standards for information capture, storage, retrieval, exchange, and analytics that 
includes images,clinical codesand data is imperative. 

STRATEGIC HIGHLIGHTS 

This document provides a structured overview of the key EHR standards with respect to Indian healthcare 
system. For every aspect of data/information that is part of any healthcare record system has been 
addressed with a short guideline regarding implementation included. Various non-related 
recommendations from previous edition have been removed to better streamline the set of standards 
selected and achieve harmony among them. A detailed recommendation on the interoperability and 
standards, clinical informatics standards, data ownership, privacy and security aspects, and the various 
coding systems are given. The set of standards given in earlier edition has been updated with their latest 
versions as we move towards a better implementation. 

LOOKING AHEAD 

This document is a continuation of its earlier version, but in many ways reflects our growing confidence in 
path correctly chosen earlier - set of international and proven standards focused towards syntactic and 
semantic interoperability. The idea that any person in India can go to any health service 
provider/practitioner, any diagnostic center or any pharmacy and yet be able to access and have fully 
integrated and always available health records in an electronic format is not only empowering but also 
vision for efficient 21 st century healthcare delivery. 

In conclusion, it must be reiterated that these standards cannot be considered either in isolation or as 
"etched in stone for all eternity". These will need to undergo periodic review and update as necessary. 
Hence, this document must be a "living document". 
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Standards at a Glance 

This section is provided for quick reference. Details are provided in the subsequent sections. N.B., this is a 
tentative list only. 


s. 

No. 

Type 

Standard Name 

Intended Purpose 

1 


ISO/TS22220:2011 Health Informatics - Identification 
of Subjects of Health Care 

Basic identity details of 
patient 

2 

Identification & 
Demographics 

MDDS- Demographic (Person Identification and Land 
Region Codification) version 1.1 

Complete demographic 
for interoperability 
with E-Governance 
systems 

3 


Ul DAI Aadhaar 

Preferable identifier 
where available 

4 

Patient 

Identifiers 

Local Identifier 

Identifier given within 
institution/ clinic/ lab 

5 


Government Issued Photo Identity Card Number 

Identifier in 
conjunction with local 
in absence of Aadhaar 

6 

Architecture 

Requirements 

ISO 18308:2011 Health Informatics- Requirements for 
an Electronic Health Record Architecture 

System architectural 
requirements 

7 

Functional 

Requirements 

ISO/HL7 10781:2015 Health Informatics - HL7 

Electronic Health Records-System Functional Model 
Release 2 (EHRFM) 

System functional 
requirements 

8 

Reference 

Model and 
Composition 

ISO 13940 Health informatics- System of Concepts to 
Support Continuity of Care 

Concepts for care, 
actors, activities, 
processes, etc. 

9 

ISO 13606 Health informatics - Electronic Health 

Record Communication (Part 1 through 3) 

Information model 
architecture and 
communication 

10 


openEHR Foundation Models Release 1.0.2 

Structural definition 
and composition 

11 

Terminology 

SNOMED Clinical Terms (SNOMED CT) 

Primary terminology 

12 

Coding System 

Logical Observation Identifiers Names and Codes 
(LOINC) 

Test, measurement, 
observations 

13 

WHO Family of International Classifications (WHO- 
FIC) 

including ICD, ICF, ICHI, ICD-0 

Classification and 
reporting 
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s. 

No. 

Type 

Standard Name 

Intended Purpose 

14 

Imaging 

Digital Imaging and Communications in Medicine 
(DICOM) PS3.0-2015 

Image, waveform, 
audio/video 

15 

Scanned or 
Captured 

Records 

JPEG lossy (or lossless) with size and resolution not 
less than 1024px x 768px at 300dpi 

Image capture format 

16 

ISO/IEC 14496 - Coding of Audio-Visual Objects 

Audio/Video capture 
format 

17 

ISO 19005-1 Document Management - Electronic 
Document File Format for Long-Term Preservation - 
Parti: Use of PDF 1.4 (PDF/A-1) 

Scanned documents 
format 

18 

Data Exchange 

ANSI/HL7 V2.8.2-2015 HL7 Standard Version 2.8.2 - 
An Application Protocol for Electronic Data Exchange 
in Healthcare Environments 

Event/Message 
exchange 

19 

ASTM/ HL7 CCD Release 1 (basis standard ISO/ HL7 
27932:2009) 

Summary Records 
exchange 

20 

ISO 13606-5:2010 Health informatics - Electronic 

Health Record Communication - Part 5: Interface 
Specification 

EHR archetypes 
exchange [Also, refer to 
openEHR Service 

Model specification] 

21 

DICOM PS3.0-2015 (using DIMSE services & Part-10 
media/ files) 

Imaging/Waveform 
Exchange 

22 

Other Relevant 
Standards 

Bureau of Indian Standards and its MHD-17 Committee 

Standards 

Development 
Organizations (SDOs) 

23 

ISOTC215 set of standards 

24 

IEEE/NEMA/CE standardsfor physical systems and 
interfaces 

25 

Discharge/ 

Treatment 

Summary 

Medical Council of India (MCI) under regulation 3.1 of 
Ethics 

Composition as 
prescribed 

26 

E-Prescription 

Pharmacy Practice Regulations, 2015 Notification No. 
14-148/ 2012- PCI as specified by Pharmacy Council of 
India 

Composition as 
prescribed 

27 

Personal 
Healthcare and 
medical Device 
Interface 

IEEE 11073 health informatics standards and related 

ISO standards for medical devices 

Device interfacing 

28 

Data Privacy 
and Security 

ISO/TS 14441:2013 Health Informatics - Security & 
Privacy Requirements of EHR Systems for Use in 
Conformity Assessment 

Basis security and 
privacy requirements 
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s. 

No. 

Type 

Standard Name 

Intended Purpose 

29 

Information 

Security 

Management 

ISO/ DIS 27799 Health informatics - Information 

Security Management in Health using ISO/ IEC 27002 

Overall information 
security management 

30 

Privilege 
Management 
and Access 
Control 

ISO 22600:2014 Health informatics - Privilege 
Management and Access Control (Part 1 through 3) 

Access control 

31 

Audit Trail and 
Logs 

ISO 27789:2013 Health informatics - Audit trails for 
Electronic Health Records 

Audittrail 

32 

Data Integrity 

Secure Hash Algorithm (SHA) used must be SHA-256 
or higher 

Data Hashing 

33 

Data Encryption 

Minimum 256-bits key length 

Encryption key 

34 

HTTPS, SSL v3.0, and TLS vl.2 

Encrypted connection 

35 

Digital 

Certificate 

ISO 17090 Health informatics - Public Key 

Infrastructure (Part 1 through 5) 

Digital certificates use 
and management 


Note: Where year of publication or version of standard (or its parts) is not provided explicitly, the latest 
published version of standard (or its parts) available from standard body as on the date of notification / 
circulation of this recommendation is to be used. 
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List of Supporting/ Complimenting Standards 


The following list is indicative and representative and not comprehensive or definitive. These standards are 
advised to be used where applicable and as required. 


S. No. 

Standard 

Description 

1 

ISO 12967:2009 

Health Informatics - Service Architecture (Parts 1 - 3) 

2 

ISO 13972:2015 

Health Informatics - Detailed Clinical Models, Characteristics and 

Processes 

3 

ISO 20301:2014 

Health Informatics - Health Cards - General Characteristics 

4 

ISO 21090:2011 

Health Informatics - Harmonized Data Types for Information Interchange 

5 

ISO 8601:2004 

Data elements and Interchange Formats - Information Interchange - 
Representation of Dates and Times 

6 

ISO 13119:2012 

Health Informatics - Clinical Knowledge Resources - Metadata 

7 

ISO 22857:2013 

Health Informatics - Guidelines on Data Protection to Facilitate Trans- 

Border Flows of Personal Health Data 

8 

ISO 21549-1:2013 

Health Informatics — Patient Healthcard Data — Part 1: General 

Structure 

9 

ISO TS 14265:2011 

Classification of Purposes for Processing Personal Health Information 

10 

ISOTS 27527:2010 

Health Informatics - Provider Identification 
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Standards and Interoperability 

INTEROPERABILITY STANDARDS 

The primary aim of interoperability standards is to ensure syntactic (structural) and semantic (inherent 
meaning) interoperability of data amongst systems at ail times. The need for that cannot be overstated, 
more so within healthcare information systems whose primary aim is to deliver life-long clinical care at all 
times so that the person being cared for is able to maintain his/her health. 

The set of standards outlined in this document represents an incremental approach to adopting standards, 
implementation specifications; criteria to enhance the interoperability, functionality, utility, and security of 
health information technology; and to support its widespread adoption. It is to be kept in mind that these 
standards need to be flexible and modifiable to adapt to the demographic and resource variance observed 
in a country like India with its large population with diverse culture that is spread across a large region of 
varied geographical landscapes - hilly regions, river basins, desert, coast, etc. - many of which are remote 
and accessible with difficulty. 

It is important to recognize that interoperability and standardization can occur at many different levels. To 
achieve interoperability, information models would need to be harmonized into a consistent 
representation. 

In other cases, organizations may use the same information model, but use different vocabularies or code 
sets (for example, SNOMED CT or ICD10) within those information models. To achieve interoperability at 
this level, standardizing vocabularies, or mapping between different vocabularies may be necessary. For 
some levels, (such as the network transport protocol), an industry standard that is widely used (e.g.TCP/ IP 
- Transmission Control Protocol and Internet Protocol) will likely be the most appropriate. Ultimately, to 
achieve true interoperability, it is anticipated that multiple layers - network transportation protocols, data 
and services descriptions, information models, and vocabularies and code sets - will need to be 
standardized and/or harmonized to produce an inclusive, consistent representation of the interoperability 
requirements. 

It is further anticipated that using a harmonization process will integrate different representations of 
health care information into a consistent representation and maintain and update that consistent 
representation over time. For an information model, this process could include merging related concepts, 
adding new concepts, and mapping concepts from one representation of health care information to 
another. The need to support standardization of data and services descriptions and vocabularies and codes 
sets is appropriately addressed. 

It is also recognized that a sustainable and incremental approach to the adoption of standards will require 
processes for harmonizing both current and future standards. This will allow the incremental updating of 
the initial set of standards, implementation specifications, and certification criteria and provide a 
framework to maintain them. The decision to adopt such updates will be informed and guided by 
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recommendations from an appropriate authority such as the proposed National eHealth Authority (NeHA), 
Ministry of Health & Family Welfare or expert groups. 

GOALS 

The goals of standards in electronic health record systems are: 

Promote interoperability and where necessary be specific about certain content exchange and 

vocabulary standards to establish a path forward toward semantic interoperability 

Support the evolution and timely maintenance of adopted standards 

Promote technical innovation using adopted standards 

Encourage participation and adoption by all vendors and stakeholders 

Keep implementation costs as low as reasonably possible 

Consider best practices, experiences, policies and frameworks 

To the extent possible, adopt standards that are modular and not interdependent. 
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Health Record IT Standards 

IDENTIFICATION AND DEMOGRAPHIC INFORMATION OF PATIENT 

Demographic information including a unique identifier is necessary in a health record system in order to 
capture identifying information as well as identifiers for linking other medical artifacts logically as well as 
physically. All health record systems must therefore adhere to the following standards for capturing 
information related to patient demography and identifiers: 

1. ISO/TS 22220:2011 Health Informatics - Identification of Subjects of Health Care 

2. MDDS - Demographic (Person Identification and Land Region Codification) version 1.1 from E- 
Governance Standards, Government of India 

Implementation Guideline: Implementers must insure that health record application is able to capture all 
data fields as provided in the above two standards for completeness. It should also ensure that the system 
is able to interoperate (receive/import/send/export) all demographics information as provided in above 
two standards as per demand, i.e. when requested for demographics data in MDDS compliant format it 
should generate artefacts (file, message, etc.) as per that standard. Where codes related to location, 
authority, type of organization etc. are required, they should be taken from the MDDS-Demographic 
Standard. 

A health record system must have provision to include patient identifiers of following types: 

1. Ul DAI Aadhaar Number (preferred where available) 

2. Both of following in case Aadhaar is not available: 

2.1 Local Identifier (as per scheme used by HSP) 

2.2 Any Central or State Government issued Photo Identity Card Number 
Implementation Guidelines: 

1. Implementers must ensure that the Aadhaar number, where that is available, be used as the preferred 
identifier to serve as the unique health identifier. In case the Aadhaar number is not available, the 
system should allow a user to insert more than one (minimum two) identifiers for each patient along 
with its scope and provider (as given in above mentioned patient demography standards) in the 
system. In emergency situations where identity of patient cannot be confirmed or ascertained, 
temporary identifiers may be used (as per scheme used by HSP) and later confirmed identifiers may be 
inserted (while making earlier ones as inactive). 

2. Identification of Patient across EHR systems : Due to lack of mandate for use of Aadhaar or any such 
alternative(s) national unique identifier, it is difficult to match patient records when exchanging them 
between two EHR systems. This may lead to situations where different combinations of local identifier 
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and photo identity card numbers of the same person are used at different locations and/or in 
solutions. Thus, a single person may get to have different identities under which his/her records are 
captured. A conflict resolution process may be required to help resolve such cases. At this time, there is 
no direct solution available other than to use smart (possibly heuristic) algorithms to attempt to match 
records without or with intervention/confirmation of a human supervisor. Such an algorithm may use 
name (phonetic or spelling), address (full or parts), date of birth / age, gender, or other such matching 
details to mark incoming or searched records as possible or exact match before amalgamation or 
subsequent use. ISV may additionally need to provide the ability to merge/demerge patients to 
support this process within their solutions. 

ARCHITECTURE REQUIREMENTS AND FUNCTIONAL SPECIFICATIONS 

A health record system must meet architectural requirements and functional specifications to remain 
faithful to the needs of service delivery, be clinically valid and reliable, meet legal and ethical requirements, 
and support good medical practices. Therefore, a health record system must conform to the following 
standards: 

1. ISO 18308:2011 Health Informatics - Requirements for an Electronic Health Record Architecture 

2. ISO/HL7 10781:2015 Health Informatics - HL7 Electronic Health Records-System Functional Model 
Release 2 (EHRFM) 

Implementation Guideline: Above two standards, despite being extensive, are not full set of specifications 
and requirements to be met by a health record system or its many variants (PHR, etc.) or all possible use 
cases. The above mentioned standards are to be used as minimum set to be used within the scope of 
implementation as per relevance to the system being developed / deployed. 

LOGICAL INFORMATION REFERENCE MODEL AND STRUCTURAL COMPOSITION 

A health record system must accumulate observable data and information for all clinically relevant events 
and encounters. For this purpose, it is important to have common semantic and syntactic logical 
information model and structural composition for captured artefacts. Unless the data being captured is 
standardized, its communication and understanding may not be same across systems. Therefore, a health 
record system must conform to the followi ng standards: 

1. ISO 13940 Health Informatics - System of Concepts to Support Continuity of Care 

2. ISO 13606 Health Informatics - Electronic Health Record Communication (Part 1 though3) 

3. openEHR Foundation Models Release 1.0.2 

3.1 Required Model Specifications: Base Model, Reference Model, Archetype Model 

3.2 Optional Model Specifications: Service Model, Querying, Clinical Decision Support 
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Implementation Guideline: The ISO 13940 (also known as CEN ContSys) is to be generally used for purpose 
of modelling and describing concept system and organize information objects. While ISO 13606 set of 
standards are basic reference model and related specifications, openEHR provides ISO 18308 conformant 
platform-independent implementation harmonized with ISO 13606 standard. Implementers are free to 
design internal structures, databases, and user interfaces as per the requirements and technology 
platforms but structural composition for clinical data/information artefact must be logically similar to 
Reference Model given in above standards. A health record system implementation must make its openEHR 
compliant Operational Templates (OPT) freely available and accessible in required format. 

MEDICAL TERMINOLOGY AND CODING STANDARDS 

In order to have semantic interoperability between different health record systems, it is necessary to follow 
a common terminology and coding system standards to express unambiguous meaning of data captured, 
stored, transmitted, and analyzed. It is also important to have these terminologies and codes in computer 
process-able format to aid automation and ensure that data is in an analyzable state at all times. Therefore, 
a health record system must conform to the follow ing standards: 

1. Primary Terminology: IHTSDO - SNOMED Clinical Terms (SNOMED CT) 

Implementation Guideline: A health record system must use SNOMED CT as the primary internal encoding 
system for all clinically relevant, including dental, nursing, substance/drugs, information. IHTSDO SNOMED 
CT code shall also be used while communicating clinical information to other health record systems. 
SNOMED CT concept codes (as pre-coordinated or as post-coordinated expressions) are to be used for all 
hierarchies covered under the standard unless otherwise provided in this document. It shall also be the 
coding system that must be used internally in other information storage and communication standards 
such as openEHR archetypes, HL7, DICOM, etc. IHTSDO releases SNOMED CT twice annually. 

2. Test, Measurement and Observation Codes: Regen strief Institute- Logical Observation Identifiers 
Names and Codes (LOINC) 

Implementation Guideline: LOINC coding is to be used for processing results and reports with Laboratory 
and Imaging Information Systems. N.B.: SNOMED CT to LOINC coding interchange map is available from 
IHTSDO and Regenstrief Institute. 

3. Classification Codes: WHO Family of International Classifications (WHO-FIC) 

3.1 WHO I CD-10: International Classification of Diseases (I CD) and its derivative classifications 

3.2 WHO ICF: International Classification of Functioning, Disability and Health (ICF) 

3.3 International Classification of Health Interventions (ICHI) 

3.4 International Classification of Diseases for Oncology (ICD-O) 
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Implementation Guideline: WHO FIC codes are primarily used for aggregated information and 
statistical/epidemiological analysis for public health purposes derived from health records that contain 
patient care related information as well as information that is crucial for management, health financing and 
general health system administration. While SNOMED CT is to be used by health record systems for 
terminology, generated classification-based reports may require the use of WHO FIC codes. Classification 
based reporting, for statistical or regulatory purposes, may continue to use WHO FIC codes as mandated by 
the health regulatory, intelligence, and various research bodies. N.B.: SNOMED CT to I CD-10 coding 
interchange map is availablefrom IHTSDO and WHO. 

DATA STANDARDS FOR IMAGE, MULTIMEDIA, WAVEFORM, DOCUMENT 

A health record system stores data records and files of various types in support of clinical functions. These 
data elements serve the purpose of documentary records of various diagnostic and prescriptive data or 
information generated. Therefore, a health record system must conform to the following standards for such 
data: 

1. NEMA Digital Imaging and Communications in Medicine (DlCOM) PS3.0-2015 

Implementation Guideline: NEMA DICOM PS3.0-2015 is a comprehensive standard for handling and 
managing image (series or single), waveforms (such as those in ECG/ EEG), audio (such as those in digital- 
stethoscope) and video (such as those in endoscope, ultrasound) data in medicine. A health record 
implementation is required to implement relevant DICOM Information Object Definitions (lODs) for 
supported data types in Part-10 compliant files. Where required and relevant, other features of standard 
such as services, display, print, and workflow may be implemented. 

2. Scanned or Captured Records: 

2.1 Image: JPEG lossy (or lossless) with size and resolution not less than 1024pxx 768px at 300dpi 

2.2 Audio/Video: ISO/ IEC14496 - Coding of Audio-Visual Objects 

2.3 Scanned Documents: ISO 19005-1 Document Management - Electronic Document File Format for 

Long-Term Preservation - Part 1: Use of PDF 1.4 (PDF/A-1) 

Implementation Guideline: The above mentioned standards are to be used for documentary data (scan for 
prescription, summaries, etc.) and data captured through traditionally non-DICOM compliant sources like 
picto-micrographs, pathological photographs, photographs of intramural and extramural lesions, etc. All 
data formats that can be converted into relevant DICOM format should be, as relevant, converted and 
communicated as secondary captured DICOM format. It may be noted that while no maximum image 
resolution has been prescribed, a sufficiently acceptable limit may be used to avoid unnecessarily large file 
that do not aid in correspondingly better diagnosis or analysis. 
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DATA EXCHANGE STANDARDS 

A health record system has to operate in a larger ecosystem of other components with which it must share 
or communicate data in order to capture and provide as comprehensible medical information as is 
practical. A health record system must therefore conform to the following standards: 

1. Event/ M essage Exchange: ANSI/HL7 V2.8.2-2015 HL7 Standard Version 2.8.2 - An Application 
Protocol for Electronic Data Exchange in Healthcare Environments 

2. Summary Records Exchange: ASTM/HL7 CCD Releasel (basis standard ISO/HL7 27932:2009) 

3. EHR Archetypes: ISO 13606-5:2010 Health informatics - Electronic Health Record Communication - 
Part 5: Interface Specification [Also, refer to openEHR Service Model specification] 

4. Imaging/Waveform Exchange: NEMA DICOM PS3.0-2015 (using DIMSE services/* Part-10 media/files) 

Implementation Guideline: Implementation of exchange standards is expected to be at least for the scope of 
data captured or retained by the health record system. To explain further, full implementation of ANSI/ HL7 
V2.8.2 for each event and message is not required in health record systems but minimum implementation 
supporting the types of events and messages relevant to the system is required. Similarly, 
implementation/support of DICOM DIMSE C-Store and/or C-FIND/C-GET service is expected for lODs 
supported by health record system whereas implementation of WADO could be optional. 

OTHER STANDARDS RELEVANT TO HEALTHCARE SYSTEMS 

Healthcare record systems need to co-exist within a larger ecosystem with various other systems. It is 
important for all systems within a healthcare setup to adhere to relevant standards. While standards 
related to such systems are not within the scope of this document, as a general rule, standards created or 
ratified by following Standard Development Organizations (SDOs) should be used: 

1. Bureau of Indian Standardsand its MHD-17 Committee 

2. ISOTC215 set of standards 

3. IEEE/NEMA/CE standardsfor physical systems and interfaces 


Implementation Guideline: To help the implementers, an indicative list of such standards is provided in the 
"Standards at a Glance" section above. BIS approved standards shall be preferred for implementation. 

DISCHARGE/TREATMENT SUMMARY FORMAT 

Implementers must ensure that the logical information model includes data elements to satisfy 
requirements of the format for Medical Records as specified by Medical Council of India (MCI) under 
regulation 3.1 of ethics. The printed reports will need to be in the MCI prescribed format whenever any 
discharge or treatment summary is prepared. 
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E-PRESCRIPTION 

Pharmacy Council of India (PCI) has, in its recent regulation (Pharmacy Practice Regulations, 2015 
Notification No. 14-148/ 2012- PCI), provided the definition of the term under Section 2(j) that the term 
'Prescription' includes the term 'electronic direction'. Implementers must therefore ensure that the logical 
information model includes data elements to satisfy requirements of the format for Medical Prescription as 
specified by the Pharmacy Council of India. The printed prescription will need to be in the PCI prescribed 
format whenever any medical prescription meant for drug dispensing is prepared. For the purpose of e- 
Prescription, implementers must ensure that the electronic version is digitally signed by a registered 
medical practitioner, and its non-repudiation is ensured at all times. The pharmacists shall be able to print 
a copy of e-Prescription in the required format along with other relevant digital authentication details. 

PERSONAL HEALTHCARE AND MEDICAL DEVICES INTERFACING 

Where not covered under relevant data exchange standards, it is recommended that IEEE 11073 health 
informatics standards and related ISO standards for medical devices be followed as appropriate whenever 
any personal healthcare/ medical device is interfaced with the EMR system for the purpose of clinical data 
exchange, retrieval, storage, etc. 

PRINCIPLES OF DATA CHANGE 

The data once entered into a health record system must become immutable. The healthcare provider may 
have the option to re-insert/append any record in relation to the medical care of the patient as necessary 
with a complete audit trail of such change maintained by system. Alteration of the previously saved data 
should not be permitted. No update or update like command shall be accessible to user or administrator to 
store a medical record or part thereof. Any record requiring revision should create a new medical record 
containing the changed/appended/ modified data of earlier record. This record shall then be stored and 
marked as ACTIVE while rendering the previous version(s) of the same record marked INACTIVE. The data 
will thus be immutable. A strict audit trail shall be maintained of all activities at all times that may be 
suitably reviewed by an appropriate authority like auditor, legal representatives of the patient, the patient, 
healthcare provider, privacy officer, court appointed/ authorized person, etc. 

As-ls Principal: 

The data captured through the devices is usually in a certain format whereas the data given by the doctor 
as file may be in some different format. These data provided / included in the system is to be treated as 
sacrosanct. The As-ls Principal requires that the data captured in the first instance should be retrievable at 
any given point of time later in the same format, clarity, size and detail as it was provided in the beginning. 

It effectively means that the system is not allowed to make any changes either to the data or its format or 
its nature at any point other than the creation time for any reason. However, if it is required that the data 
needs to be altered either to carry some additional information at some later point, like annotation on 
images, or correction of errors of omission or commission, etc., it must be done on a copy of the original 
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data, keeping the original data intact, and marking the updated version as active while marking the 
previous version inactive. The modified data will become part of the EH R/ EM R. 

Informed Format Change: 

Whenever, the data, its format or its nature needs to be changed within the system, it must be done with 
the explicit consent of the doctor / technician / person that is entering or managing the data. This explicit 
consent can also be taken from a set of preferences already set by the user or the administrator / root of 
the system. In such preference based consent, there is no need to prompt the user for permission at each 
insertion point. 

Also, in case the system is set to change format or nature of data automatically by setting of preferences, it 
must be made sure that the rule of conversion is declared in the Standard Operating Procedure (SOP) of 
site/application. 
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Guidelines 

HARDWARE 

The IT hardware used should meet (and preferably be better than) the optimal requirements specified 
by the software (to be) used. 

The medical and IT hardware used must meet the relevant applicable specifications from BIS, NEMA, 
IEEE, ISO, CE, RoHS, EnergyStar, apart from Medical and IT standards for the equipment. 

• A backup or data preservation mechanism should be considered. Data capacity should be planned to 
meet the storage requirement as per the mandated rule/ law. 

System redundancy at various levels (disk, power, network, etc.) should be planned to meet the 
organizational system availability requirement. 

Network and data security should be planned, implemented, and periodically audited. Please see 
section on Security and Privacy for the various requirements and functions that need to be supported 
and implemented. 

Hardware should be checked periodically for correctness and completeness of operation expected from 
them. An appropriate maintenance cycle should be planned and rigorously followed. 

Planned and expected Capacity and Quality requirement of the organization should be met by the 
hardware used. Periodic updates and upgrades should be carried out to meet the requirements. 

NETWORKING AND CONNECTIVITY 

Should beableto harness any telecommunications-related connectivity like the Internet, LAN,WAN, 
WAP, CDMA, GSM or even Cloud Computing that will permit the various EMRs of an individual to be 
integrated into a single lifelong electronic health record 

As far as is practical and affordable, the connectivity medium chosen should be reliable and fast 
enough to sustain a secure data exchange for the period expected for transaction of records and data. 
Thespeed of the connectivity medium should be chosen from among available options so as to provide 
an acceptable user experience and not cause software/ system fault due to delays/ noise/failure. 

Should beableto ensure that data exchange is performed in a secure manner to ensure data validity 
and non-repudiability 

The data exchange must further ensure that data integrity is maintained at all times 

SOFTWARE STANDARDS 

The software for capturing, storing, retrieving, viewing, and analyzing healthcare records should: 

Conform to the specified standards 
Satisfy specified requirements 

Be Interoperable, especially in terms of syntax and semantics of the information being exchanged 
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Should be able to ensure user authentication and authorization 
Should be able to support privacy, secrecy and audit trail 

Possess advanced search, merge, and demerge functionality to ensure that duplicates are robustly 
resolved 

Should be able to support conception-to-current/ most recent medical records of a person (as relevant 
to scope of application) 

Should be able to support digital archiving and retrieval of medical records after the death of a person 
for the total duration as specified by Government of India from time to time 
Should be able to construct a medical/cl ini cal summary based on available records from the very first 
visit to current/ most recent 

Preferably be able to support rapid data capture-storage-retrieval-display of data 

HEALTH RECORD IN MOBILE DEVICES 

As people become more mobile and travel becomes more accessible, patients will increasingly expect the 
healthcare record system to provide essential health information over mobile devices, which will give their 
treating clinician basic information like, medical condition, drug/allergy information etc. Demographics, 
insurance info, medications, allergy and alerts, and vital signs are some of the records that are 
recommended to be provided in at least read-only manner and to the extent relevant for emergency care 
and quick reference. It is also possible that certain clinical (BP, temperature, glucose count) and lifestyle 
(steps walked, distance run, sleep duration and quality) related information will additionally be provided 
by the patient thereby providing vital clues and information on the overall wellbeing of patient. 

In the specific regard of design and usability of such applications, m-governance guidelines of DeitY, 
Ministry of Communication & Information Technology, Government of India shall be applicable. 
(http://www.deity.gov.in/content/framework-mobile-governance). 
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Data Ownership of Health Records 

THE ETHICAL, LEGAL, SOCIAL ISSUES (ELSI) GUIDELINES 

For the purposes of these recommendations, the term "privacy” shall mean that only those person or 
person(s) including organizations duly authorized by the patient may view the recorded data or part 
thereof. The term "security" shall mean that all recorded personally identifiable data will at all times be 
protected from any unauthorized access, particularly during transport (e.g. from healthcare provider to 
provider, healthcare provider to patient, etc.). The term "trust" shall mean that person, persons or 
organizations (doctors, hospitals, and patients) are those who they claim they are. 

The following approaches are to be adopted wherever applicable to address the aspects that the terms 
mentioned above refer to: 

Privacy would refer to authorization by the owner of the data (the patient) 

Security would have as components both public and private key encryption; the encryption techniques 
used in transit and at rest need to be through different methodologies. 

Trust would be accepted whenever a trusted third party confirms identity 

PROTECTED HEALTH INFORMATION 

Protected Health Information (PHI) would refer to any individually identifiable information whether oral 
or recorded in any form or medium that (1) is created, or received by a stakeholder; and (2) relates to past, 
present, or future physical or mental health conditions of an individual; the provision of health care to the 
individual; or past, present, or future payment for health care to an individual. 

Electronic Protected Health Information (ePHI) would refer to any protected health information (PHI) that 
is created, stored, transmitted, or received electronically. Electronic protected health information includes 
any medium used to store, transmit, or receive PHI electronically. 

As per the Information Technology Act 2000, Data Privacy Rules, refer to 'sensitive personal data or 
information' (Sensitive Data) as the subject of protection, but also refer, with respect to certain obligations, 
to ‘personal information'. Sensitive Data is defined as a subset of 'personal information'. Sensitive Data is 
defined as personal information that relatesto: 

1. Passwords 

2. Financial information such as bank account or credit card or debit card or other payment instrument 
details 

3. Physical, psychological and mental health condition 

4. Sexual orientation 

5. Medical records and history 

6. Biometric information 

7. Any detail relatingto (1) - (6) above received by the body corporate for provision of services 
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8. Any information relating to (1) - (7) that is received, stored or processed by the body corporate under 
a lawful contract or otherwise 

DATA OWNERSHIP 

The physical or electronic records, which are generated by the healthcare provider, are held in trust by 
them on behalf of the patient 

The contained data which are the sensitive personal data of the patient is owned by the patient herself. 
The medium of storage or transmission of such electronic medical record will be owned by the 
healthcare provider. 

The "sensitive personal information (SPI) and personal information (PI)" of the patient is owned by the 
patient themselves. Refer to IT Act 2000 for the definition of SPI and PI. 

DATA ACCESS AND CONFIDENTIALITY 

Regulations are to be enforced to ensure confidentiality of the recorded patient/medical data and the 
patient should have a control over this. 

Patients will have the sufficient privileges to inspect and view their medical records without any time 
limit. Patient's privileges to amend data shall be limited to correction of errors in the recorded 
patient/medical details. This shall need to be performed through a recorded request made to the 
healthcare provider within a period of 30 days from the date of discharge in all inpatient care settings 
or 30 days from the date of clinical encounter in outpatient care settings. An audit of all such changes 
shall be strictly maintained. Both the request and audit trail records shall be maintained within the 
system. 

Patients will have the privileges to restrict access to and disclosure of individually identifiable health 
information and need to provide explicit consent, which will be audited, to allow access and/or 
disclosures. 

All recorded data will be available to care providers on an 'as required on demand'basis 

DISCLOSURE OF PROTECTED / SENSITIVE INFORMATION 

For use in treatment, payments and other healthcare operations: In all such cases, a general consent 
must betaken from the patient or next of kin, etc. as defined by applicable laws by MCI. 

Fair use for non-routine and most non-health care purposes: a specific consent must be taken from the 
patient; format as defined by MCI. 

For certain specified national priority activities, including notifiable/communicable diseases, the 
health information may be disclosed to appropriate authority as mandated by law without the patient's 
prior authorization 

Instances where use and disclosure without individual authorization will be possible are as follows: 
Complete record with all identifiers in an "as-is" state, on production of court order 
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Totally anonymized data, where the anonymization process involves the complete removal of all 
information that allows the identification of the patient. (List of such personally identifiable 
information is provided below) 

RESPONSIBILITIES OF A HEALTHCARE PROVIDER 

Protect and secure the stored health information, as per the guidelines specified in this document 
While providing patient information, remove patient identifying information (as provided in the list 
below), if it is not necessary to be provided 

Will ensure that there are appropriate means of informing the patient of policies relating to her/ his 
rights to health record privacy 

Document all its privacy policies and ensure that they are implemented and followed. This will include: 
Develop internal privacy policies 

Designate a privacy officer (preferably external, may be internal) who will be responsible for 
implementing privacy policies, audit and quality assurance 
Provide privacy training to all its staff 

PRIVILEGES OF PATIENT OR PERSONAL REPRESENTATIVE 

Patient will have the privilege to appoint a personal representative to carry out the activities detailed 
below. 

Patients will have the privilege to ask for a copy of its medical records held by a healthcare 
organization. 

Patients will have the privilege to request a healthcare organization that stores/maintains his/her 
medical records, to withhold specific information that he/ she does not want disclosed to other 
organizations or individuals. 

Patient can demand information from a healthcare provider on the details of disclosures performed on 
the patient's medical records for any reason whatsoever 

DENIAL OF INFORMATION 

Healthcare provider will be able to deny information to a patient or representative or third party, in 
contravention of normal regulations, if in the opinion of a licensed healthcare professional the release of 
information would endanger the life or safety of the patients and others. This will include but not be 
limited to as follows: 

Information obtained from an anonymous source under a promise of confidentiality. 

• Psychotherapy notes. 

Information compiled for civil, criminal or administrative action. 
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ELECTRONIC MEDICAL RECORDS PRESERVATION 

Preservation of medical records assume significant importance in view of the fact that an electronic health 
record of a person is an aggregation of all electronic medical records of the person from the very first entry 
till date. Hence, all records must compulsorily be preserved and not destroyed during the life-time of the 
person, ever. 

Upon the demise of the patient where there are no court cases pending, the records can be removed from 
active status and turned to inactive status. ISVs are free to decide when to make a record inactive, however, 
it is preferable to follow the "three (3) year rule" where all records of a deceased are made inactive three 
(3) years after death. 

It is however preferred and ISVs are strongly encouraged to ensure that the records are never be destroyed 
or removed permanently. The health of the blood relatives and natural descendants of the person can be 
strongly influenced by the health of the person and on-demand access to these may prove to be hugely 
useful in the maintenance of the health of the relations. 

Furthermore, analysis of health data of all persons is expected to greatly benefit in the understanding of 
health, disease processes and the amelioration thereof. 

With rapid decline in costs of data archiving coupled with the ability to store increasing amounts of data 
that may be readily accessible, continued maintenance of such data is not expected to lead to any major 
impact on the overall system maintenance and use. 

PATIENT IDENTIFYING INFORMATION 

Data are "individually identifiable" if they include any of the under mentioned identifiers for an individual 
or for the individual's employer or family member, or if the provider or researcher is aware that the 
information could be used, either alone or in combination with other information, to identify an individual. 
These identifiers are as follows: 

• Name 

Address (all geographic subdivisions smaller than street address, and PIN code) 

All elements (except years) of dates related to an individual (including date of birth, date of death, etc.) 
Telephone,cell (mobile) phoneand/or Fax numbers 

• Email address 

Bank Account and/ or Credit Card Number 
Medical record number 

• Health plan beneficiary number 
Certificate/license number 

Any vehicle or other any other device identifier or serial numbers 
PAN number 
Passport number 
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AADHAAR card 

Voter ID card 

Fingerprints/ Biometrics 

Voice recordings that are non-clinical in nature 

Photographic images and that possibly can individually identify the person 
Any other unique identifying number, characteristic, or code 

APPLICABLE LEGISLATION 

The existing Indian laws including IT Act 2000 and their amendments from time to time would prevail. 

( http://deitv.aov.in/content/information-technoloav-act-2000) . 
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Data Privacy and Security 

SECURITY OF ELECTRONIC HEALTH INFORMATION: 

The Privacy Standards and the Security Standards are necessarily linked. Any health record system 
requires safeguards to ensure that the data is available when needed and that information is not used, 
disclosed, accessed, altered, or deleted inappropriately while being stored or retrieved or transmitted. The 
Security Standards work together with the Privacy Standards to establish appropriate controls and 
protections. Health sector entities that are required to comply with the Privacy Standards also must comply 
with the Security Standards. 

Organizations must consider several factors when adopting security measures. How a healthcare provider 
satisfies the security requirements and which technology it decides to use are business decisions left to the 
individual organizations. In deciding what security measures to adopt, an organization must consider its 
size, complexity, and capabilities; it's technical infrastructure, hardware, and software security capabilities; 
the cost of particular security measures; and the probability and degree of the potential risks to the ePHI it 
stores, retrieves and transmits. 

PURPOSE OF THE SECURITY STANDARDS 

The security standards require healthcare providers to implement reasonable and appropriate 
administrative, physical, and technical safeguards to: 

ensure the confidentiality, integrity, and availability of all the e-PHI they create, transmit, receive, or 
maintain 

protect against reasonably anticipated threats or hazards to the security or integrity of their e-PHI 
protect against uses or disclosures of the e-PHI that are not required or permitted under the Privacy 
Standards 

ensure their workforce will comply with their security policies and procedures 

TECHNICAL STANDARDS 

To protect the ePHI handles by a healthcare provider, the provider must implement technical safeguards as 
part of its security plan. Technical safeguards refer to using technology to protect ePHI by controlling 
access to it. Therefore, they must address the following standards focusing on the following functionalities. 
It is worth noting that they will need to use an EHR/ EMR solution that is able to successfully and robustly 
demonstrate the possession and working of these functionalities. 

The basic requirements for security and privacy are provided in following standard: 

1. ISO/TS 14441:2013 Health Informatics - Security & Privacy Requirements of EHR Systems for Use in 
Conformity Assessment 
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Authentication: 

Locally within the system the fact that a person or entity seeking access to electronic health 
information is indeed the one as claimed and is also authorized to access such information must be 
verifiable. 

Across the network, however extensive it might be, the fact that a person or entity seeking access to 
electronic health information across a network is the one claimed and is authorized to access such 
information in accordance with the standard specified in this document must be verifiable. 


Automatic log-off: An electronic session after a predetermined time of inactivity must be forcibly 
terminated. To log in back, the user will have to initiate a new log in session. However, for the sake of 
ergonomics, it is recommended that the unsaved state of the system at the time of automatic iog-off be 
saved and presented back to the user for further action. This should be a user-specific feature. 

The advisory standard for overall information security management in health is: 

2. ISO 27799 Health informatics - Information Security Management in Health using I SO/1 EC 27002 

Implementation Guideline: The ISO 27799 is provided as a basic advisory standard for security 
management. Other security management and standard / practices / guidelines given by Law (such as IT 
Act 2000 and amendments) or regulatory / statutory / certification bodies (such as National Accreditation 
Board for Hospitals & Health care Providers (NABH)) should be taken in consideration when designing 
and/or implementing health record system. 


Access control: The solution must assign a unique name and/or number for identifying and tracking user 
identity and establish controls that permit only authorized users to access electronic health information. In 
cases of emergency where access controls need to be suspended in order to save a live, authorized users 
(who are authorized for emergency situations) will be permitted to have unfettered access electronic 
health information for the duration of the emergency with the access remaining in force during the validity 
of the emergency situation. 

Access Privileges: Ideally only clinical care providers should have access rights to a person's clinical 
records. However, different institutional care providers have widely varying access privileges specified that 
are institution-specific. No country-wide standards can be specified for this at least at this point in time. 

For privilege management and access control,following standards may be used: 

3. ISO 22600:2014 Health informatics - Privilege Management and Access Control (Part 1 through 3) 

Implementation Guideline: The ISO 22600 set of standards is provided as an advisory standard for policy 
based access control. For the purpose of privilege management, rule / policy based access is expected to 
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give better control and flexibility in defining and enforcing access control. Access control mechanisms such 
as Role Based, Policy Based, or singular user (applicable in case of mobile based PHR) are acceptable as 
long as conformant to applicable data security law(s) and rules as well as policy of the organization where 
implemented. 


Audit log: 

All actions related to electronic health information in accordance with the standard specified in this 
document including viewing should be recorded. 

Based on user-defined events must be provided. 

Aii or a specified set of recorded information upon requestor at a set period of time must be 
electronically displayed and printed. 

The advisory standard for audit trail / log in health record system is: 

4. ISO 27789:2013 Health informatics - Audit TraiIs for Electronic Health Records 


Integrity: 

During data transit the fact that the electronic health information has not been altered in transit in 
accordance with the standard specified in this document must be verifiable. 

Detection of events - all alterations and deletions of electronic health information and audit logs, in 
accordance with the standard specified in this document must be detected. 

Appropriate verification that electronic health information has not been altered in transit shall be 
possible at any point in time. A secure hashing algorithm must be used to verify that electronic health 
information has not been altered in transit and it is recommended that the Secure Hash Algorithm 
(SHA) used must be SHA-256 or higher. 

Encryption: 

Generally, all electronic health information must be encrypted and decrypted as necessary according to 
organization defined preferences in accordance with the best available encryption key strength 
(minimum 256-bits key). 

During data exchange all electronic health information must be suitably encrypted and decrypted 
when exchanged in accordance with an encrypted and integrity protected link. 

All actions related to electronic health information must be recorded with the date, time, patient 
identification, and user identification whenever any electronic health information is created, modified 
(non-clinical data only), deleted (stale and non-clinical data only), or printed; and an indication of 
which action(s) took place must also be recorded. 
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A cross-enterprise secure transaction that contains sufficient identity information such that the 
receiver can make access control decisions and produce detailed and accurate security audit trails 
must be used within the system. 

SecureTransmission standards and mechanisms must be used to allow access to health information as 
well as transmit data from one application / site to another. For this purpose HTTPS, SSL v3.0, and TLS 
vl.2 standards should be used. Please refer to relevant IETF, IEEE, ISO, and FIPS standardsfor same. 

Digital Certificates: 

Use of Digital Certificates for identification and digital signing is recommended in health record system. 
Health record system must use following standard wheredigital certificates are used: 

5. ISO 17090 Health informatics - Public Key Infrastructure (Part 1 through 5) 

ADMINISTRATIVE SAFEGUARDS STANDARDS 

The Administrative Safeguards require healthcare providers to develop and implement a security 
management process that includes policies and procedures that address the full range of their security 
vulnerabilities. Being administrative in nature, these need to be internally designed and developed as 
standard operating procedure (SOP) that must be published for all users to see and adhere to. 
Conformance to adherence may be delegated to the Privacy Officer detailed in the Data Ownership chapter 
above. To comply with the Administrative Safeguards, a healthcare provider must implement the following 
standards. 

The security management process standard, to prevent security violations; 

Assigned security responsibility, to identify a security officer; 

Workforce security, to determine e-PHI user access privileges; 

Information access management, to authorize access to e-PHI; 

Security awareness training, to train staff members in security awareness; 

Security incident procedures, to handle security incidents; 

Contingency plan, to protect e-PHI during an unexpected event; and 
Evaluation, to evaluate an organization's security safeguards. 

PHYSICAL SAFEGUARDS STANDARDS 

Physical safeguards are security measures to protect a healthcare provider's electronic information 
systems, related equipment, and the buildings housing the systems from natural and environmental 
hazards, and unauthorized intrusion. Healthcare providers must fulfill the following four standards. 
However, since most of the implementation specifications in this category are addressable, healthcare 
providers have flexibility in determining how to comply with the requirements as long as these are 
internally designed and developed as per the relevant SOP and published for all usersto see and adhereto. 
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Conformance to adherence may be delegated to the Privacy Officer detailed in the Data Ownership chapter 
above. 

The required physical standards are: 

The facility access control standard, to limit actual physical access to electronic information systems 
and the facilities where they're located; 

The workstation use standard, to control the physical attributes of a specific workstation or group of 
workstations, to maximize security; 

The workstation security standard, to implement physical safeguards to deter the unauthorized access 
of a workstation; and 

The device and media controls standard, to control the movement of any electronic media containing 
ePHI from,to or within thefacility. 
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Glossary 

The various terms, including acronyms, are explained from a conceptual point and may not be the format 
definitions. 

ADSL (Asymmetric Digital Subscriber Line): A type of DSL that uses copper telephone lines to transmit data 
faster than a traditional modem. ADSL only works within short distances because it uses high frequencies 
with short signals. 

Allergy List: This is a list of all the patient's allergies. 

Allopathic, Allopathy: Defined as relating to or being a system of medicine that aims to combat disease by 
using remedies (as drugs or surgery) which produce effects that are different from or incompatible with 
those of the disease being treated 

Ambulatory care: Any medical care delivered on an outpatient basis. 

ANM: Auxiliary Nurse Midwife 

Archetype: Basically an information model, it is a computable expression of a domain content model in the 
form of structured constraint statements, based on a reference (information) model. Within the openEHR 
paradigm, archetypes are based on the openEHR reference model. Archetypes are all expressed in the same 
formalism. In general, they are defined for wide re-use, however, they can be specialized to include local 
particularities. They can accommodate any number of natural languages and terminologies. 

Artefact: An object made by a human being, typically one of cultural or historical interest. In healthcare IT 
context, an artefact is any item such as a document, file or drawing, etc. that is generated for use as a 
reference material or inside a system. 

ASHA: Accredited Social Health Activist is usually a literate 25 - 45 year old married/ widowed/ divorced 
lady selected from the village itself and accountable to it and trained to work as an interface between the 
community and the public health system. This is position is one of the key components of the National 
Rural Health Mission aimed at providing every village in the country with a trained female community 
health activist 

ATC: Anatomical Therapeutic Chemical Classification System, controlled by the WHO Collaborating Centre 
for Drug Statistics Methodology (WHOCC), is used for drug classification. 

Authentication: The verification of the identity of a person or process. 

Authorization: Any document designating any permission. Authorization or waiver of authorization for the 
use or disclosure of identifiable health information for research (among other activities) is required. The 
authorization must indicate if the health information used or disclosed is existing information and/or new 
information that will be created. The authorization form may be combined with the informed consent form, 
so that a patient need sign only one form. An authorization must include the following specific elements: a 
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description of what information will be used and disclosed and for what purposes; a description of any 
information that will not be disclosed, if applicable; a list of who will disclose the information and to whom 
it will be disclosed; an expiration date for the disclosure; a statement that the authorization can be 
revoked; a statement that disclosed information may be re-disclosed and no longer protected; a statement 
that if the individual does not provide an authorization, she/ he may not be able to receive the intended 
treatment; the subject's signature and date. 

AYUSH: Ayurveda, Yoga, Unani, Siddha and Homeopathy. Falls under the broad category of Indian Systems 
of Medicines and Homoeopathy (ISM&H) governed by Ministry of Health and Family Welfare, Government 
of India 

[C] 

CCD (Continuity of Care Document): A joint effort of HL7 International and ASTM. CCD fosters 
interoperability of clinical data by allowing physicians to send electronic medical information to other 
providers without loss of meaning and enabling improvement of patient care. CCD is an implementation 
guide for sharing Continuity of Care Record (CCR) patient summary data using the HL7 Version 3 Clinical 
Document Architecture (CDA), Release 2. It establishes a rich set of templates representing the typical 
sections of a summary record, and these same templates for vital signs, family history, plan of care, and so 
on can then be used for establishing interoperability across a wide range of clinical use cases. 

CDT: Common Dental Terminology 

Chain of Trust Agreement: A contract needed to extend the responsibility to protect health care data across 
a series of sub-contractual relationships. 

Chief Complaint (CC), Reason for Consultation (RFC), Reason of Visit (ROV): for recording a patient's 
disease symptoms. 

Client/Server Architecture: An information-transmission arrangement, in which a client program sends a 
request to a server. When the server receives the request, it disconnects from the client and processes the 
request. When the request is processed, the server reconnects to the client program and the information is 
transferred to the client. This usually implies that the server is located on site as opposed to the ASP 
(Application Server Provider) architecture. 

Clinical Care Provider: Personnel or entities directly related to providing clinical care to patient. 

Clinical Data Repository (CDR): A real-time database that consolidates data from a variety of clinical 
sources to present a unified view of a single patient. It is optimized to allow clinicians to retrieve data for a 
single patient rather than to identify a population of patients with common characteristics or to facilitate 
the management of a specific clinical department. 

Clinical Decision Support System (CDSS): A clinical decision support system (CDSS) is software designed to 
aid clinicians in decision making by matching individual patient characteristics to computerized knowledge 
bases for the purpose of generating patient-specific assessments or recommendations. 
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Clinical Establishment: Clinical establishment means (1) a hospital, maternity home, nursing home, 
dispensary, clinic, sanatorium or an institution by whatever name called that offers services, facilities 
requiring diagnosis, treatment or care for illness, injury, deformity, abnormality or pregnancy in any 
recognized system of medicine established and administered or maintained by any person or body of 
persons, whether incorporated or not; or (2) a place established as an independent entity or part of an 
establishment referred to above, in connection with the diagnosis or treatment of diseases where 
pathological, bacteriological, genetic, radiological, chemical, biological investigations or other diagnostic or 
investigative services with the aid of laboratory or other medical equipment, are usually carried on, 
established and administered or maintained by any person or body of persons, whether incorporated or 
not. (Clinical Establishment Act - CEA 2010) 

Clinical Guidelines (Protocols): Clinical guidelines are recommendations based on the latest available 
evidence for the appropriate treatment and care of a patient's condition. 

Clinical Messaging: Communication of clinical information within the electronic medical record to other 
healthcare personnel. 

Coded Data: Data are separated from personal identifiers through use of a code. As long as a link exists, 
data are considered indirectly identifiable and not anonymous or anonymized. 

Code Set: Any set of codes used to encode data elements, such as tables of terms, medical concepts, medical 
diagnostic codes, or medical procedure codes. This includes both the codes and their descriptions. 

Coding: A mechanism for identifying and defining physicians' and hospitals' services. Coding provides 
universal definition and recognition of diagnoses, procedures and level of care. Coders usually work in 
medical records departments and coding is a function of billing. Medicare fraud investigators look closely 
at the medical record documentation, which supports codes and looks for consistency. Lack of consistency 
of documentation can earmark a record as "up-coded" which is considered fraud. A national certification 
exists for coding professionals and many compliance programs are raising standards of quality for their 
coding procedures. 

Computer-Based Patient Record (CPR): A term for the process of replacing the traditional paper-based 
chart through automated electronic means; generally includes the collection of patient-specific information 
from various supplemental treatment systems, i.e., a day program and a personal care provider; its display 
in graphical format; and its storage for individual and aggregate purposes. CPR is also called "digital 
medical record" or "electronic medical record". 

Computerized Patient Record (CPR): Also known as an EMR or EHR.A patient's past, present, and future 
clinical data stored in a server. 

Computerized Physician Order Entry (CPOE): A system for physicians to electronically order labs, imaging 
and prescriptions 
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CPT (Current Procedural Terminology) Code: A recognizable five-digit number used to represent a service 
provided by a healthcare provider. It is a manual that assigns five digit codes to medical services and 
procedures to standardize claims processing and data analysis. The coding system for physicians' services 
developed by the CPT Editorial Panel of the American Medical Association. 

[D] 

Data Content: All the data elements and code sets inherent to a transaction, and not related to the format of 
the transaction. 

Data: This is factual information (as measurements or statistics) used as a basis for reasoning, discussion, 
or calculation. It additionally points to the information output by a sensing device or organ that includes 
both useful and irrelevant or redundant information and must be processed to be meaningful. 

Database Management System (DBMS): The separation of data from the computer application that allows 
entry or editing of data. 

DICOM (Digital Imaging and Communications in Medicine): Digital Imaging and Communications in 
Medicine (DICOM) is a standard to define the connectivity and communication between medical imaging 
devices. 

Disease Management: A type of product or service now being offered by many large pharmaceutical 
companies to get them into broader healthcare services. Bundles use of prescription drugs with physician 
and allied professionals, linked to large databases created by the pharmaceutical companies, to treat 
people with specific diseases. The claim is that this type of service provides higher quality of care at more 
reasonable price than alternative, presumably more fragmented, care. The development of such products 
by hugely capitalized companies should be the entire indicator necessary to convince a provider of how the 
healthcare market is changing. Competition is coming from every direction —other providers of all types, 
payers, employers who are developing their own in-house service systems, the drug companies. 

Document Imaging: Isa process of converting paper documents into an electronic format usually through a 
scanning process. 

Document Management: The Document Manager allows the medical institution to store vital patient 
documents such as X-Ray's, Paper Reports, and Lab Reports etc. 

Documentation: The process of recording information. 

DOHAD: Developmental Origins of Health and Diseases 

Drug Formulary: Varying lists of prescription drugs approved by a given health plan for distribution to a 
covered person through specific pharmacies. Health plans often restrict or limit the type and number of 
medicines allowed for reimbursement by limiting the drug formulary list. The list of prescription drugs for 
which a particular employer or State Medicaid program will pay. Formularies are either "closed," including 
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only certain drugs or "open,” including all drugs. Both types of formularies typically impose a cost scale 
requiring consumers to pay more for certai n brands or types of drugs. See also Formulary. 

Drug Formulary Database: This EMR feature is used for electronic prescribing, electronic medical record 
(EMR), and computerized physician order entry (CPOE) systems to present formulary status to the 
provider while during the prescribing decision. 

DSM: Diagnostic and Statistical Manual for Mental Diseases 

[E] 

EDI: Acronym for Electronic Data Interchange. Electronic communication between two parties, generally 
for the filing of electronic claims to payers. 

EDI Translator: Used in electronic claims and medical record transmissions, this is a software tool for 
accepting an EDI transmission and converting the data into another format, or for converting a non-EDI 
data file into an EDI format for transmission. See also Electronic Data Interchange. 

EFIR/EMR System Designer, Developer, Manufacturer, Vendor, Supplier, Retailer, Re-seller: Any entity that is 
involved in the design, development, testing, manufacturing, supplying, selling including re-selling of 
Electronic Health Records or Electronic Medical Records Systems as a whole or part thereof. 

Electronic Data Interchange (EDI): The automated exchange of data and documents in a standardized 
format. In health care, some common uses of this technology include claims submission and payment, 
eligibility, and referral authorization. This refers to the exchange of routine business transactions from one 
computer to another in a standard format, using standard communications protocols. 

Electronic Health Records (EHR): The one or more repositories, physically or virtually integrated, of 
information in computer processableform, relevant to the wellness, health and healthcare of an individual, 
capable of being stored and communicated securely and of being accessible by multiple authorized users, 
represented according to a standardized or commonly agreed logical information model. Its primary 
purpose is the support of life-long, effective, high quality and safe integrated healthcare. [ISO 18308:2011] 

Electronic Medical Records (EMR): The EMR could be considered as special case of the EHR, restricted in 
scope to the medical domain or at least very much medically focused [ISO/TR 20514], The Japanese 
Association of Healthcare Information Systems (JAHIS) has defined a five-level hierarchy of the EMR; 
Departmental EMR: contains a patient's medical information entered by a single hospital department (e.g. 
pathology, radiology, pharmacy); Inter-departmental EMR: contains a patient's medical information from 
two or more hospital departments; Hospital EMR: contains a patient's clinical information from a 
particular hospital; Inter-hospital EMR: contains a patient's medical information from two or more 
hospitals; EHR: longitudinal collection of health information from all sources. [Classification of EMR 
systems,JAHIS, VI.1, Mar 1996] 

Electronic Protected Health Information (ePHI): Electronic Protected Health Information (ePHI) is any 
protected health information (PHI) that is created, stored, transmitted, or received electronically. Electronic 
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protected health information includes any medium used to store, transmit, or receive PHI electronically. 
The following and any future technologies used for accessing, transmitting, or receiving PHI electronically 
are covered. Media containing data at rest (data storage) like personal computers with internal hard drives 
used at work, home, or traveling, external portable hard drives, including iPods and similar devices, 
magnetic tape, removable storage devices, such as USB memory sticks, CDs, DVDs, and floppy disks, PDAs 
and smartphones and data in transit, via wireless, Ethernet, modem, DSL, or cable network connections, 
Email, Filetransfer. (For Protected Health Information - PHI, please see below) 

Encounter: A clinical encounter is defined by ASTM as "(1) an instance of direct provider/ practitioner to 
patient interaction, regardless of the setting, between a patient and a practitioner vested with primary 
responsibility for diagnosing, evaluating or treating the patient's condition, or both, or providing social 
worker services. (2) A contact between a patient and a practitioner who has primary responsibility for 
assessing and treating the patient at a given contact, exercising independent judgment." Encounter serves 
as a focal point linking clinical, administrative and financial information. Encounters occur in many 
different settings - ambulatory care, inpatient care, emergency care, home health care, field and virtual 
(telemedicine), [http://www.ncvhs.hhs.gov/040127pl.htm] 

Episode: An episode of care consists of all clinically related services for one patient for a discrete diagnostic 
condition from the onset of symptoms until the treatment is complete 
[http://www.ncmedsoc.org/non_members/pai/PAI-FinalWorkbookforVideo.pdf] Thus, for every new 
problem or set of problems that a person visits his clinical care provider, it is considered a new episode. 
Within that episode the patient will have one or many encounters with his clinical care providers till the 
treatment for that episode is complete. Even before the resolution of an episode, the person may have a 
new episode that is considered as a distinctly separate event altogether. Thus, there may be none, one or 
several ongoing active episodes. All resolved episodes are considered inactive. Hence they become part of 
the patient's past history. A notable point here is that all chronic diseases are considered active and may 
never get resolved during the life-time of the person, e.g., diabetes mellitus, hypertension, etc. 

EPR: Broadly defined, a personal health record is the documentation of any form of patient information- 
including medical history, medicines, allergies, visit history, or vaccinations-that patients themselves may 
view, carry, amend, annotate, or maintain. Today, when we refer to PHRs, we typically mean an online 
personal health record-which may variously be referred to as an ePHR, an Internet PHR, an Internet 
medical record, or a consumer Internet Medical Record (Cl MR). Generally, such records are maintained in a 
secure and confidential environment, allowing only the individual, or people authorized by the individual, 
to access the medical information. Not all electronic PHRs are Internet PHRs. PC-based PHRs may be setup 
to capture medical information offline. 

Evidence Based Medicine: Evidence-based medicine (EBM) is the integration of best research evidence 
with clinical expertise to aid in the diagnosis and management of patients. 

[F] 
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Family History: A list of the patient's family medical history including the chronic medical problems of 
parents, siblings, grandparents, etc. 

FHIR: Fast Health Interoperable Resources, the newest version from HL7 org for messaging. 

Formatting and Protocol Standards: Data exchange standards which are needed between CPR systems, as 
well as CPT and other provider systems, to ensure uniformity in methods for data collection, data storage 
and data presentation. Proactive providers are current in their knowledge of these standards and work to 
ensure their information systems conform to the standards. 

Formulary: An approved list of prescription drugs; a list of selected pharmaceuticals and their appropriate 
dosages felt to be the most useful and cost effective for patient care. Organizations often develop a 
formulary under the aegis of a pharmacy and therapeutics committee. In HMOs, physicians are often 
required to prescribe from the formulary. See also Drug Formulary. 

[G] 

Growth Chart: A feature for a Primary Care or EMR that can be used for pediatric patients. Age, height, 
weight, and head measurements can be entered over the patient's lifetime, and the feature creates a line 
graph. 

[H] 

Health Care Operations: Institutional activities that is necessary to maintain and monitor the operations of 
the institution. Examples include but are not limited to: conducting quality assessment and improvement 
activities; developing clinical guidelines; case management; reviewing the competence or qualifications of 
health care professionals; education and training of students, trainees and practitioners; fraud and abuse 
programs; business planning and management; and customer service. Under the HIPAA Privacy Rule, these 
are allowable uses and disclosures of identifiable information "without specific authorization." Research is 
not considered part of health care operations. 

Health Care, Healthcare: Care, services, and supplies related to the health of an individual. Health care 
includes preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, and counseling, 
among other services. Healthcare also includes the sale and dispensing of prescription drugs or devices. 

Health Information: Information in any form (oral, written or otherwise) that relates to the past, present or 
future physical or mental health of an individual. That information could be created or received by a health 
care provider, a health plan, a public health authority, an employer, a life insurer, a school, a university or a 
health care clearinghouse. All health information is protected by state and federal confidentiality laws and 
by HIPAA privacy rules. 

Health Level Seven (HL7): A data interchange protocol for health care computer applications that simplifies 
the ability of different vendor-supplied IS systems to interconnect. Although not a software program in 
itself, HL7 requires that each healthcare software vendor program HL7 interfaces for its products. The 
organization is one of the American National Standards Institute accredited Standard Developing 


Page 34 





110 


File No. Q-11011 /2/2016-eGov (Computer No. 3062309 ) 
Receipt No : 289539/2016/MOHFW 


GLOSSARY 


Organization (SDO) - Health Level 7 domain is the standards for electronic interchange of clinical, financial 
and administrative info among healthcare oriented computer systems. Is a not-for-profit volunteer 
organization. It develops specifications, most widely used is the messaging standard that enables disparate 
health care applications to exchange key sets of clinical and administrative data. It promotes the use of 
standards within and among healthcare organizations to increase the effectiveness and efficiency of 
healthcare delivery. It is an international community of healthcare subject matter experts and information 
scientists collaborating to create standards for the exchange, management and integration of electronic 
healthcare information. 

Health: The state of complete physical, mental, and social well-being and not merely the absence of disease 
or infirmity. It is recognized, however, that health has many dimensions (anatomical, physiological, and 
mental) and is largely culturally defined. The relative importance of various disabilities will differ 
depending upon the cultural milieu and the role of the affected individual in that culture. Most attempts at 
measurement have been assessed in terms or morbidity and mortality. 

Healthcare provider: A health care provider is an individual or an institution that provides preventive, 
curative, promotional or rehabilitative health care services in a systematic way to individuals, families or 
communities. An individual health care provider may be a health care professional, an allied health 
professional, a community health worker, any or other person trained and knowledgeable in medicine, 
nursing or other allied health professions, or public/community health workers like , ASHA, ANM, 
midwives, paramedical staff, OT/lab/radio-diagnostic technicians, etc. An institution will include hospitals, 
clinics, primary care centers and other service delivery points of health care individual clinics, polyclinics, 
diagnostic centers, etc., i.e., any place where a medical record is generated during a patient-care provider 
encounter (in conformance to CEA 2010 - please refer to Clinical Establishment item above). It must be 
noted that any person solely performing non-clinical work is not a care provider. 

Healthcare Service Provider (HSP): see Healthcare provider 

History of Present Illness (H PI): The H PI is the history of the patient's chief complaint. 

Human Subject: Refers to a living subject participating in research about whom directly or indirectly 
identifiable health information or data are obtained or created. 

Hybrid Record: Term used for when a provider uses a combination of paper and electronic medical records 
during thetransition phase to EMR. 

[I] 

Independent Software Vendor (ISV): A company specializing in making or selling software products that 
runs on one or more computer hardware or operating system platforms. 

Immunization: A complete list of all immunizations that the patient has had. 

Informatics: The application of computer technology to the management of information. 
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Integration: Integration allows for secure communication between enterprise applications. 

Interface: A means of communication between two computer systems, two software applications or two 
modules. Real time interface is a key element in healthcare information systems due to the need to access 
patient care information and financial information instantaneously and comprehensively. Such real time 
communication is the key to managing health care in a cost effective manner because it provides the 
necessary decision-making information for clinicians, providers, other stakeholders, etc. 

International Classification of Diseases: This is the universal coding method used to document the 
incidence of disease, injury, mortality and illness. A diagnosis and procedure classification system designed 
to facilitate collection of uniform and comparable health information. The ICD-9-CM was issued in 1979. 
This system is used to group patients into DRGs, prepare hospital and physician billings and prepare cost 
reports. Classification of disease by diagnosis codified into six-digit numbers. See also coding. 

International Health Terminology Standards Development Organization (IHTSDO): Denmark-based 
organization that maintains and licenses SNOMED codes worldwide. 

Interoperability: The capability to provide successful communication between end-users across a mixed 
environment of different domains, networks, facilities and equipment. 

ISP: Internet Service Provider 

ISV (Independent Software Vendor): An independent software vendor (ISV) is a company specializing in 
making or selling software, designed for mass or niche markets. This typically applies for application- 
specific or embedded software, from other software producers. 

[J] 

J-Codes: A subset of the HCPCS Level II code set with a high-order value of "J" that has been used to identify 
certain drugs and other items. 

[L] 

LAN (Local Area Network): A LAN supplies networking capability to a group of computers in close 
proximity to each other such as in an office building, a school, or a home. 

Legacy System Integration: The integration of data between a legacy system and some other software 
program most commonly using HL-7 standards. 

Legacy Systems: Computer applications, both hardware and software, which have been inherited through 
previous acquisition and installation. Most often, these systems run business applications that are not 
integrated with each other. Newer systems which stress open design and distributed processing capacity 
are gradually replacing such systems. 

Length of Stay (LOS): The duration of an episode of care for a covered person. The number of days an 
individual stays in a hospital or inpatient facility. May also be reviewed as Average Length of Stay (ALOS). 
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LEPR (Longitudinal Patient Record): Longitudinal Patient Record is an EHR that includes all healthcare 
information from all sources. 

[ M ] 

Management Information System (MIS): The common term for the computer hardware and software that 
provides the support of managing the plan. 

Master Patient / Member Index: An index or file with a unique identifier for each patient or member that 
serves as a key to a patient's or member's health record. 

Maximum Defined Data Set: All of the required data elements for a particular standard based on a specific 
implementation specification. An entity creating a transaction is free to include whatever data any receiver 
might want or need. The recipient is free to ignore any portion of the data that is not needed to conduct 
their part of the associated business transaction, unless the inessential data is needed for coordination of 
benefits. 

MCI: Medical Council of India 

Medical Code Sets: Codes that characterize a medical condition or treatment. These code sets are usually 
maintained by professional societies and public health organizations. Compare to administrative code sets. 

Medical Informatics: Medical informatics is the systematic study, or science, of the identification, collection, 
storage, communication, retrieval, and analysis of data about medical care services to improve decisions 
made by physicians and managers of health care organizations. Medical informatics will be as important to 
physicians and medical managers as the rules offinancial accounting areto auditors. 

Medical Management Information System (MMIS): A data system that allows payers and purchasers to 
track health care expenditure and utilization patterns. It may also be referred to as Health Information 
System (HIS), Health Information Management (HIM) or Information System (IS). See also Electronic 
Medical Record (EMR). 

Metadata and Date Standard (MDDS) - A set of data elements and their specification for use in certain 
domain, such as health, e-governance. 

MIMS: Monthly Index of Medical Specialties 

Minimum Data Set: The minimum set of data elements that must be captured, stored, made available for 
retrieval, presentation, relay and sharing by an EHR system. It comprises of all of the essential data 
elements required for implementation. An entity creating a transaction must include the mandatory data 
elements at all times and is free to exclude optional data elements. The entity is free to additionally include 
whatever other data elements that any receiver might want or need. The recipient is free to ignore any 
portion of the data that is not mandatory and is further free to ignore any other portion of the data that is 
not needed to conduct their part of the associated transaction, unless required by sender, intermediaries or 
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receiver. This minimum data set represents the most common data, and system designers are at liberty to 
add to it as they deem necessary to enrich or enhance their EHR systems. 

Modifier: Additional character of a code added to an existing code that is used to help in extending or 
localization of the existing code. 

[N ] 

NANDA: North American Nursing Diagnosis Association 

National Council for Prescription Drug Programs: An ANSI-accredited group that maintains a number of 
standard formats for use by the retail pharmacy industry. 

NEMA: The National Electrical Manufacturers Association (NEMA) is the association of electrical 
equipment and medical imaging manufacturers,founded in 1926 and headquartered in Rosslyn, Virginia. 

Non-Participating Physician (or Provider): A provider, doctor or hospital that does not sign a contract to 
participate in a health plan, usually which requires reduced rates from the provider. In the Medicare 
Program, this refers to providers who are therefore not obligated to accept assignment on all Medicare 
claims. In commercial plans, non-participating providers are also called out of network providers or out of 
plan providers. If a beneficiary receives service from an out of network provider, the health plan (other 
than Medicare) will pay for the service at a reduced rate or will not pay at all. 

[ 0 ] 

Open Access: A term describing a member's ability to self-refer for specialty care. Open access 
arrangements allow a member to see a participating provider without a referral from another doctor. 
Health plan members' abilities, rights or invitation to self refer for specialty care. Also called Open Panel. 

openEHR: openEHR is an open standard specification in health informatics that describes the management 
and storage, retrieval and exchange of health data in electronic health records (EHRs). In openEHR, all 
health data for a person is stored in a "one lifetime", vendor-independent, person-centered EHR. 
Maintained by the openEHR Foundation, these are based on a combination of 15 years of European and 
Australian research and development into EHRs and new paradigms, including what has become known as 
the archetype methodology for specification of content and include information and service models for the 
EHR, demographics, clinical workflow and archetypes. They are designed to be the basis of a medico-legally 
sound, distributed, versioned EHR infrastructure. 

OR: Operating Room - synonymousto OT as below 

OT: Operation Theatre 

OTC: Over the counter (drugs). Refers to those drugs that are available off the shelf without any 
prescription or advise from a registered medical practitioner 
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Outcome: A clinical outcome is the "change in the health of an individual, group of people or population 
which is attributable to an intervention or series of interventions". (Taken from: Frommer, Michael; Rubin, 
George; Lyle, David (1992)."The NSW Health Outcomes program". New South Wales Public Health Bulletin 
3: 135. doi:10.1071/ NB92067) 

Outpatient Care: Care given a person who is not bedridden. It is also called ambulatory care. Many 
surgeries and treatments are now provided on an outpatient basis, while previously they had been 
considered reason for inpatient hospitalization. Some say this is the fastest growing segment of healthcare 

[P] 

Participating Physician: A primary care physician in practice in the payer's managed care service area who 
has entered into a contract. 

Past History: A list of a patient's past health problems, surgeries and specialists. 

Patient Demographics: All patient's pertinent information such as first and last name, SSN, DOB, insurance, 
etc. 

Patient Portal: A secure web-based system that allows a patient to register for an appointment, schedule an 
appointment, request prescription refills, send and receive secure patient-physician messages, view iab 
results, pay their bills electronically, access physician directories. 

Patient: A person who is under medical care or treatment 

PC Based: A program designed to run on an individual PC. This typically means data is not shared in real 
time among other PCs (users). 

PCP: Primary care physician who often acts as the primary gatekeeper in health plans. That is, often the 
PCP must approval referrals to specialists. Particularly in HMOs and some PPOs, all members must choose 
or are assigned a PCP. 

PHR: A personal health record or PHR is typically a health record that is initiated and maintained by an 
individual. An ideal PHR would provide a complete and accurate summary of the health and medical 
history of an individual by gathering data from many sources and making this information accessible 
online. 

Picture Archive Communication System (PACS): Used by radiology and diagnostic imaging organizations to 
electronically manage information and images 

Practice Parameters, Practice Guidelines: Systematically developed statements to standardize care and to 
assist in practitioner and patient decisions about the appropriate health care for specific circumstances. 
Practice guidelines are usually developed through a process that combines scientific evidence of 
effectiveness with expert opinion. Practice guidelines are also referred to as clinical criteria, protocols, 
algorithms, review criteria, and guidelines. The American Medical Association defines practice parameters 
as strategies for patient management, developed to assist physicians in clinical decision-making. Practice 
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parameters may also be referred to as practice options, practice guidelines, practice policies, or practice 
standards. 

Prescription Drug: Drug that the law says can only be obtained by prescription. 

Primary Care Physician: A "generalist" such as a family practitioner, pediatrician, internist, or obstetrician. 
In a managed care organization, a primary care physician is accountable for the total health services of 
enrollees including referrals, procedures and hospitalization. Also see Primary Care Provider. 

Primary Care Provider: The provider that serves as the initial interface between the member and the 
medical care system. The PCP is usually a physician, selected by the member upon enrollment, who is 
trained in one of the primary care specialties who treats and is responsible for coordinating the treatment 
of members assigned to his/her plan. 

Primary Care: Basic or general health care usually rendered by general practitioners, family practitioners, 
internists, obstetricians and pediatricians who are often referred to as primary care practitioners or PCPs. 
Professional and related services administered by an internist, family practitioner, obstetrician- 
gynecologist or pediatrician in an ambulatory setting, with referral to secondary care specialists, as 
necessary. 

Principal Diagnosis: The medical condition that is ultimately determined to have caused a patient's 
admission to the hospital. The principal diagnosis is used to assign every patient to a diagnosis related 
group. This diagnosis may differ from the admitting and major diagnoses. 

Privacy Standards: The Privacy standards restrict the use & disclosure of individually identifiable health 
information. Privacy standard applies to all protected health information may it is in physical or electronic 
form. 

Privacy: Privacy means an individual's interest in limiting who has access to personal health care 
information. Specific patient authorization is required for use and disclosure of clinical notes. As per 
Fernando & Dawson, 2009, privacy is control of access to private information avoiding certain kinds of 
embarrassment and can be shared or not shared with others; Only authorized (by the patient) people can 
view the recorded data or part thereof 

Progress Note: The documentation of a patient visit or encounter including all or part of the SOAP format. 

Protected health information (PHI): Any individually identifiable information whether oral or recorded in 
any form or medium that is created, or received by a health care provider, health plan or health care 
Healthcare provider and relates to past, present, or future physical or mental health conditions of an 
individual; the provision of health care to the individual; or past, present, or future payment for health care 
to an individual. 

[R] 
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Real Time: The instantaneous sharing of data among a user group. It is common to a client/server database 
configuration. 

Reference Model (RM): 

Referral: Some insurance companies require that on specific plans a referral must be obtained for certain 
procedures or visits to specialists. The referral is acquired by the primary care physician (PCP) by 
contacting the insurance company by phone or mail. This is a request for the service. The referral consists 
of an authorization code, a number of visits allowed (if applicable) and an expiration date. 

Referring Provider: is the provider that referred the patient to a specialist or for a specific procedure. 

Regenstrief: The Regenstrief Institute is an international non-profit medical research organization 
associated with Indiana University. It produces and maintains LOINC codes. 

Relational Database: A database program that stores data in a manner similar to Excel, with the difference 
being the data elements are related (linked) to each other. 

Remote Access: Data travels through a private, protected passage via the Internet, allowing healthcare 
providers to access from home or another practice location and allows EMR vendor to perform system 
maintenance off-site 

Rendering/ Performing Provider: The provider actually treating the patient. 

Roles and Access Levels: The role and access level of the user needs to be determined and set by the system 
administrator. The role determines the access level. While roles may be such as system administrator, 
medical doctor, registered nurse, medical student, medical assistant, nurse assistant, ancillary nurse, health 
worker, Anganwadi worker (grass-root health worker), etc., the access levels may include viewing only, 
viewing/adding/editing only, viewing/adding/editing/deleting, all allowed etc. These need to be set out 
clearly in the SOP of the facility. 

ROS (Review of Systems): A series of questions related to the system(s) that the patient is having 
complaints about (i.e. respiratory for cold symptoms). 

RxNorm: RxNorm is the name of a US-specific terminology in medicine that contains all medications 
available on US market; it provides normalized names for clinical drugs and links its names to many of the 
drug vocabularies commonly used in pharmacy management and drug interaction software. 


[S] 

Secondary Care: Services provided by medical specialists who generally do not have first contact with 
patients (e.g., cardiologist, urologists, dermatologists). In the U.S., however, there has been a trend toward 
self-referral by patients for these services, rather than referral by primary care providers. This is quite 
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GLOSSARY 


different from the practice in England, for example, where all patients must first seek care from primary 
care providers and are then referred to secondary and/ or tertiary providers, as needed. 

Security Standards: The Security Standards require measures to protect the confidentiality, integrity and 
availability of e-PHI while it's being stored & exchanged.The security standard applies to all electronic PHI. 

Security: This refers to the methods and techniques adopted to protect privacy and are a defense 
mechanism from any attack (Hong et al., 2004) 

SNOMED: Systemized Nomenclature of Medicine Clinical Terms is the universal health care terminology. It 
is comprehensive and covers procedures, diseases, and clinical data. SNOMED CT helps to structure and 
computerize the medical record. It allows for a consistent way of indexing, storing, retrieving and 
aggregating clinical data across sites ofcare(i.e. hospitals, doctors offices) and specialties. By standardizing 
the terminology, the variability in the way data is captured, encoded and used for clinical care of patients 
and research is reduced. Allows for more accurate reporting of data. It is currently available in English, 
Spanish and German. 

Social History: A description of a patient's social habits and history including marital status, alcohol and 
drug use and exercise habits. 

Solo Practice, Solo Practitioner: A physician who practices alone or with others but does not pool income or 
expenses. This form of practice is becoming increasingly less common as physicians band together for 
contracting, overhead costs and risk sharing. 

SOP: Standard operating procedures or protocols 

SQL: Structured Query Language - is a computer language aimed to store, manipulate and retrieve data 
stored in relational databases. 

SDO: Standards Development Organization - an organization responsible for development and 
maintenance of a standard or several, usually run on a not-for-profit basis. 

Subjective: Section in a progress note where a patient's account of their current problem is documented. 
Consists of chief complaint, HPI and ROS. 

Sx: Abbreviation for symptoms 


[T] 

Tl, T3 line: A high-speed internet connection provided via telephone lines often used by businesses 
needing internet connection speeds greater than DSL/Cable. 

Therapeutic Alternatives: Strong Drug products that provide the same pharmacological or chemical effect 
in equivalent doses. Also see Drug Formulary. 
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GLOSSARY 


TPA: Third Party Administrator 

Treatment Episode: The period of treatment between admission and discharge from a modality, e.g., 
inpatient, residential, partial hospitalization, and outpatient, or the period of time between the first 
procedure and last procedure on an outpatient basis for a given diagnosis. Many healthcare statistics and 
profiles use this unit as a base for comparisons. 

Treatment: The provision of health care by one or more health care providers. Treatment includes any 
consultation, referral or other exchanges of information to manage a patient's care. 

[V] 

Vital Statistics: Statistics relating to births (natality), deaths (mortality), marriages, health, and disease 
(morbidity). Vital statistics for the United States are published by the National Center for Health Statistics. 
Vital statistics can be obtained from CDC, state health departments, county health departments and other 
agencies. An individual patient's vital statistics in a health care setting may also refer simply to blood 
pressure, temperature, height and weight, etc. 

VPN: Virtual Private Network - A VPN "tunnel" is a secure connection, typically firewall to firewall that 
provides for remote access to your data server. 

[W] 

WHO: The World Health Organization is a specialized agency of the United Nations that is concerned with 
international public health. 

[X] 

XML (Extensible Markup Language): Used for defining data elements on a Web page and communication 
between two business systems. Example: Standard messaging system for and EMR to integrate with 
another software such as a practice management or drug formulary database. 
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CONTACT INFORMATION 


Contact Information 

e-Governance Division 

Department of Health & Family Welfare 

Ministry of Health & Family Welfare 
Gover n m ent of I n d i a 

mohfw.nic.in 

Implementation specific queries may be referred to: 

National Release Center (NRC) 

VC&BA, Centre for Development of Advanced Computing (C-DAC) 

Savitribai Phule Pune University Campus 

Ganeshkhind Road 

Pune- 411007 

Email: nrc-help@cdac.in 

http://www.snomedctnrc.in 
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Subject: Minutes of the Third Meeting of the Electronic Health Record (EHR) 
Standards Review Committee held on 24 th February, 2016 

The third meeting of ‘EHR Standards Review Committee’ was held on 24th 
February, 2016 at 11:00 A.M. in the Room No.406, A -Wing, Nirman Bhawan, 
Ministry of Health & Family Welfare under the chairmanship of Shri Sunil Sharma, 
JS (eGovernance). Representatives from DCGI office attended the meeting as special 
invitees. The list of participants is placed at Annexure - A. 

2. Shri Sunil Sharma, JS (eGov) welcomed the participants. He thereafter 
requested Shri Jitendra Arora, Director (eGov) to start the proceedings. 

3. Director (eGov) briefed the participants about the progress made so far & 
requested the committee members to share their opinions on the comments 
received on the draft revisions proposed in EHR Standards (2013). The draft 
revisions were discussed in the last meeting held on 14th December, 2015. 


4. The comments obtained from the members were discussed in the meeting 
and clarified by Shri B.S. Bedi and Shri S.B. Bhattacharya. It was opined that some 
of the standards related to statistical data exchange, health information exchange 
etc. such as SDMX (Statistical Data and Metadata exchange), Open MPI (Master 
patient Index), Open HIE architecture etc. may be referred to as appropriate. 


5. JS (e Gov) enquired about the availability of comprehensive Drug directory 
for use in EHR system. The representatives from DCGI office informed the chair 
that the states have database of drugs but the same may not be readily available in 
electronic format. 


6. It was informed by Shri B.S. Bedi that iNRC, CDAC, Pune is working on 
creation of drug database required for use in EHR system. DCGI office may be 
requested to provide the available drug database information to iNRC. 
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7. Based on detailed discussions, the following decisions were taken in the 
meeting: 

• The Committee approved the Draft Revised EHR Standards (Copy at 
Annexure B). It was decided that Draft Standards may be placed in public 
domain for a period of 30 days with the approval of competent authority. 

• FICCI may be requested to manage secretarial tasks for collation, review 
etc. of comments / suggestions received from public domain and 
presentation of the same to committee. 

• DCGI office may provide the drug directory structure and details to 
eGovernance Division on attributes such as brand name, generic name, 
formulation, side effects etc. 


The meeting ended with vote of thanks to the chair and the participants. 
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Annexure - A 


List of Participants: 

1. Shri Sunil Sharma, JS, MoHFW.... Chairman 

2. Shri Jitendra Arora,Director(eGov),MoHFW 

3. Shri Sunil Kumar, STD (NIC), MoHFW 

4. Dr S B Bhattacharya, Head(Health Informatics), TCS 

5. Shri B S Bedi, Adviser,CDAC 

6. Prof S N Sarbadhikari, Project Director,CHI of NHP, NIHFW 

7. Dr Karanvir Singh, CMIO, Apollo Hospitals 

8. Shri Rajesh Narwal, Technical Officer,WHO 

9. Shri Chandrasen, PL (ePMU), MoHFW 

10.Shri Bhanu Prakash, Consultant eGov, MoHFW 
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F.No Q-11011/3/2015-eGov 
Government of India 


Ministry of Health & Family Welfare 
(e-Governance Division) 



New Delhi, dated the March, 2016 


NOTICE 


Subject: Placing the Electronic Health Record (EHR) Standards for India on public 

domain for comments/views-reg. 

In 2013, Ministry of Health and Family Welfare notified Electronic Health 
Records (EHR) Standards for India. The set of Standards given therein were chosen from the 
best available and used standards applicable to EHRs from around the world keeping in view 
their suitability and applicability in India. Now these Standards have been improvised and 
made according to the ever changing need of the mass. Accordingly, the revised EHR 
Standards for India which has been notified in February, 2016 have been placed in public 
domain with a view to elicit comments/views of the stakeholders including the general 
public. 


The comments/views may be forwarded to Director (e-Governance Division), 
Ministry of Health and Family Welfare, Room No 307-D, Nirman Bhawan, New Delhi-110108 
or emailed at jitendra.arora@gov.in on or before 20 th April, 2016. 



(Jitendra Arora) 
Director 
MoHFW 
Phn No. 23062317 
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Govern merit of India 

Ministry of Health and Family Welfare 

Department of Health and Family Welfare 

Nirman Bhawan, New Delhi-110108 


CIRCULAR 

Government of India intends to introduce a uniform system for 
maintenance of Electronic Medical Records / Electronic Health 
Records (EMR / EHR) by the Hospitals and healthcare providers in 
the country. An Expert Committee was set up to develop EMR / EHR 
Standards for adoption /implementation in the country. Draft 
EMR/EHR Standards were hosted on the website of the Ministry 
soliciting comments from the stakeholders and general public. After 
due consideration of the recommendations of the Committee and 
the comments received thereon, the ‘ Electronic Health Record 
Standards for India’ have been finalised and approved by the 
Ministry of Health and Family Welfare, Government of India. 

A copy of the above document is placed herewith for 
information of all healthcare providers, medical professionals and 
other stakeholders for adoption and implementation in the 
healthcare institutions across the country in public interest. 


******* 
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1. EXECUTIVE SUMMARY 

Healthcare systems are highly complex, fragmented and use multiple information technology systems. 
With vendors incorporating different standards for similar or same systems, it is little wonder that all¬ 
round inefficiency, waste and errors in healthcare information and delivery management are all too 
commonplace an occurrence. Consequently, a patient's health information often gets trapped in silos of 
legacy systems, unable to be shared with members of the healthcare community. These are some of the 
several motivations driving an effort to encourage standardization, integration and electronic 
information exchange amongst the various healthcare providers. 

The study termed as Developmental Origins of Health and Diseases or DOHAD has successfully proven 
the importance of developmental records of individuals in predicting and/or explaining the diseases that 
a person is suffering from. In the current largely paper-based health records world, invaluable data is 
more often than not unavailable at the right time in the hands of the clinical care providers to permit 
better care. This is largely due to the inefficiencies inherent in the paper-based system. In an electronic 
world, it is very much possible, provided certain important steps are taken beforehand, to ensure the 
availability of the right information at the right time. 

In order to be meaningful, the health record of an individual needs to be from conception (better) or 
birth (at the very least). As one progresses through one's life, every record of every clinical encounter 
represents an event in one's life. Each of these records may be insignificant or significant depending on 
the current problems that the person suffers from. Thus, it becomes imperative that these records be 
arranged chronologically to provide a summary of the various clinical events in the lifetime of a person. 

Electronic health records are a summary of the various electronic medical records that get generated 
during any clinical encounter. Without standards, a lifelong summary is not possible as different records 
from different sources spread across ~80+ years will potentially need to be brought into one summary. 
To achieve this, a set of pre-defined standards for information exchange that includes images, clinical 
codes and a minimum data set is imperative. 

The health data is owned by the patient while the actual records are owned by the care providers who 
act as the custodians of the data. For creation of a true electronic health record of an individual it is 
imperative that all clinical records created by the various care providers that a person visits during 
his/her lifetime be stored in a central clinical data repository or at least be shareable through the use of 
interoperable standards. Adequate safeguards to ensure data privacy and security must strictly be 
adhered to at all times. Patients must have the privilege to verify the accuracy of their health data and 
gain access whenever they wish to do so. 

While any vendor may choose to have any additionally relevant information captured and presented, all 
must conform to the MDS. A short reference section and a detailed section of acronyms, definitions and 
glossary are added for everyone's benefit. 

It must be noted that these standards must not be considered either in isolation or being 
"etched in stone for all eternity". These will undergo periodic (at a maximum of 24 month 
interval) review and update as necessary. This standards document is a " living document". 
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2. INTEROPERABILITY AND STANDARDS 

The recommendations outlined in this section are an incremental approach to adopting standards, 
implementation specifications, and criteria to enhance the interoperability, functionality, utility, and 
security of health information technology and to support its widespread adoption. It is to be kept in 
mind that these standards should be flexible and modifiable to adapt to the demographic and resource 
variance observed in a large and developing country like India. 

It is important to recognize that interoperability and standardization can occur at many different levels. 
To achieve interoperability, information models would need to be harmonized into a consistent 
representation. 

In other cases, organizations may use the same information model, but use different vocabularies or 
code sets (for example, Systematized Nomenclature of Medicine Clinical Terms (SNOMED CT®) or ICD10- 
CM within those information models. To achieve interoperability at this level, standardizing 
vocabularies, or mapping between different vocabularies (using tools like Unified Medical Language 
System (UMLS)) may be necessary. For some levels, (such as the network transport protocol), an 
industry standard that is widely used (e.g. TCP/IP - TransmissionControl Protocol and Internet Protocol) 
will likely be the most appropriate. Ultimately, to achieve semantic interoperability, it is anticipated that 
multiple layers - network transportation protocols, data and services descriptions, information models, 
and vocabularies and code sets - will need to be standardized and/or harmonized to produce an 
inclusive, consistent representation of the interoperability requirements. 

It is further anticipated that using a harmonization process will integrate different representations of 
health care information into a consistent representation and maintain and update that consistent 
representation over time. For an information model, this process could include merging related 
concepts, adding new concepts, and mapping concepts from one representation of health care 
information to another. Similar processes to support standardization of data and services descriptions 
and vocabularies and codes sets may also be needed. 

It is also recognized that a sustainable and incremental approach to the adoption of standards will 
require processes for harmonizing both current and future standards. This will allow the incremental 
updating of the initial set of standards, implementation specifications, and certification criteria and 
provide a framework to maintain them. The decision to adopt such updates will be informed and guided 
by recommendations from an appropriate authority akin to a National Health Information Authority. 

Goals 

• Promote interoperability and where necessary be specific about certain content exchange and 
vocabulary standards to establish a path forward toward semantic interoperability 

• Support the evolution and timely maintenance of adopted standards 

• Promote technical innovation using adopted standards 

• Encourage participation and adoption by all vendors and stakeholders 

• Keep implementation costs as low as reasonably possible 

• Consider best practices, experiences, policies and frameworks 

• To the extent possible, adopt standards that are modular and not interdependent. 
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Categories for adoption of standards 
Vocabulary Standards 

(i.e., standardized nomenclatures and code sets used to describe clinical problems and procedures, 
medications, and allergies) 

This is to be achieved through the extensive use of Controlled Medical Vocabularies (CMV) that is 
detailed as follows: 

a) Logical Observation Identifiers Names and Codes (LOINC®): A universal code system for identifying 
laboratory and clinical observations. From serum levels of hepatitis B surface antigen to diastolic 
blood pressure, LOINC has standardized terms for all kinds of observations and measurements that 
enable exchange and aggregation of electronic health data from many independent systems. It was 
developed to provide a definitive standard for identifying clinical information in electronic reports. 
The LOINC database provides a set of universal names and ID codes for identifying laboratory and 
clinical test results in the context of existing HL7, ASTM E1238, and CEN TC251 observation report 
messages. One of the main goals of LOINC is to facilitate the exchange and pooling of results for 
clinical care, outcomes management, and research. LOINC codes are intended to identify the test 
result or clinical observation. Other fields in the message can transmit the identity of the source 
laboratory and special details about the sample. It has since been reported that the Regenstrief 
Institute Inc. and the International Health Terminology Standards Development Organisation 
(IHTSDO) have signed a long-term agreement to begin cooperative work linking their leading global 
health care terminologies: Logical Observation Identifiers Names and Codes, or LOINC, and SNOMED 
Clinical Terms. 

b) International Classification of Diseases (ICD10): The ICD is the international standard diagnostic 
classification for all general epidemiological, many health management purposes and clinical use. 

c) Systematized Nomenclature of Medicine-Clinical Terms (SNOMED-CT): is a comprehensive clinical 
terminology, originally created by the College of American Pathologists (CAP) and owned, 
maintained, and distributed by the International Health Terminology Standards Development 
Organization (IHTSDO), a non-for-profit association in Denmark. 

d) Current Procedural Terminology, 4th Edition (CPT 4): The CPT-4 is a uniform coding system 
consisting of descriptive terms and identifying codes that are used primarily to identify medical 
services and procedures furnished by physicians and other health care professionals. 

e) ATC - Anatomic Therapeutic Chemical Classification of Drugs: is used for the classification of drugs. 
It is controlled by the WHO Collaborating Centre for Drug Statistics Methodology (WHOCC), and was 
first published in 1976. This pharmaceutical coding system divides drugs into different groups 
according to the organ or system on which they act and/or their therapeutic and chemical 
characteristics. Each bottom-level ATC code stands for a pharmaceutically used substance in a single 
indication (or use). This means that one drug can have more than one code: acetylsalicylic acid 
(aspirin), for example, has A01AD05 as a drug for local oral treatment, B01AC06 as a platelet 
inhibitor, and N02BA01 as an analgesic and antipyretic. On the other hand, several different brands 
share the same code if they have the same active substance and indications. 

Content Exchange Standards 

(i.e., standards used to share clinical information such as clinical summaries, prescriptions, and 
structured electronic documents) 

a) Health Level Seven (HL7) Clinical Document Architecture: is an XML-based mark-up standard 
intended to specify the encoding, structure and semantics of clinical documents for exchange. CDA 
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is being used also in electronic health records projects to provide a standard format for entry, 
retrieval and storage of health information 

b) HL7 2.5.1: defines a series of electronic messages to support administrative, logistical, financial as 
well as clinical processes and mostly uses a textual, non-XML encoding syntax based on delimiters. 
HL7 v2.x has allowed for the interoperability between electronic Patient Administration Systems 
(PAS), Electronic Practice Management (EPM) systems, Laboratory Information Systems (LIS), 
Dietary, Pharmacy and Billing systems as well as Electronic Medical Record (EMR) or Electronic 
Health Record (EHR) systems 

c) Continuity of Care Record (CCR) is a health record standard specification developed jointly by ASTM 
International, the Massachusetts Medical Society (MMS), the Healthcare Information and 
Management Systems Society (HIMSS), the American Academy of Family Physicians (AAFP), the 
American Academy of Pediatrics (AAP), and other health informatics vendors. It is a core data set of 
the most relevant administrative, demographic, and clinical information facts about a patient's 
healthcare, covering one or more healthcare encounters. It provides a means for one healthcare 
practitioner, system, or setting to aggregate all of the pertinent data about a patient and forward it 
to another practitioner, system, or setting to support the continuity of care. The primary use case 
for the CCR is to provide a snapshot in time containing the pertinent clinical, demographic, and 
administrative data for a specific patient. To ensure interchange ability of electronic CCRs, this 
specification specifies XML coding that is required when the CCR is created in a structured electronic 
format. Conditions of security and privacy for a CCR instance must be established in a way that 
allows only properly authenticated and authorized access to the CCR document instance or its 
elements. The CCR consists of three core components: the CCR Header, the CCR Body, and the CCR 
Footer. 

d) Digital Imaging and Communications in Medicine (DICOM): The DICOM Standards Committee exists 
to create and maintain international standards for communication of biomedical diagnostic and 
therapeutic information in disciplines that use digital images and associated data. The goals of 
DICOM are to achieve compatibility and to improve workflow efficiency between imaging systems 
and other information systems in healthcare environments worldwide. DICOM currently defines an 
upper layer protocol (ULP) that is used over TCP/IP (independent of the physical network), 
messages, services, information objects and an association negotiation mechanism. These 
definitions ensure that any two implementations of a compatible set of services and information 
objects can effectively communicate. 

Clinical Standards 

Clinical standards are health information standards to capture a patient's health information in a more 
coherent manner. This health information can include all or part thereof as relevant of the following: 

• The illness a patient is suffering from 

• The physician's observation of the patient's illness 

• The diagnostic tests that need to be carried out to ascertain the patient's illness and to give the 
patient better treatment 

• The results of the diagnostic tests 

• The kind of treatment to be given to the patient 

• The way the treatment should be given to the patient 
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RECOMMENDED HEALTHCARE IT STANDARDS (FOR INDIA) 


Name 

Class 

Comments 

Phase 1 



UHID 

Unique Health Identifier - to 
act as Patient Identifier 

UID as a unique (primary or 

secondary) patient identifier. The 
UID should be used to identify a 
particular patient across all 

organizations (and their EMR 

systems); Aadhar number is 

recommended for use in EMR as 
either the primary or secondary, 
where the primary is an internal 
unique health identifier used by the 
healthcare provider organisation. 

CCD (HL7/ASTM) 

Clinical Data for Inter 

Department documents (the 
CDA CCD) 

Likely to be used for exchanging the 
clinical documentation between two 

EHR solutions both within an 
organisation and outside 

ATC Pharmacologic- 
Therapeutic Classification 

Indian Drugs - Ml MS/C IMS 
from CMPmedica 

Medicines 

Needs to be researched as there is 
no universal drug reference 
database. The WHO Drug Dictionary 
ATC - anatomic therapeutic 
classification - may be a good choice 
to begin with 

LOINC 

Clinical Laboratory 

Observations 

Published and maintained by the 
Regenstrief Institute, USA, this is a 
universally accepted code for 
laboratory observations 

HL7 V2.x 

Messaging 

V2.3 or above 

HL7 V3.0 RIM 

Reference Information Model 

Intermediate recommendation; to 
be replaced with HL7 FHIR when it is 
accepted by BIS/HL7-lndia 

DICOM PS3.0 

Medical Images 

Revision 2004 

ISO 18308 

Reference EHR Requirements 
Specification 

The latest version 

CEN/TC 251 EN 13606 

Reference Model & Archetypes 

The latest version 

SNOMED-CT 

Clinical Terminology 

Provide comprehensive clinical 
granularity, used to capture problem 
list, allergies, diagnosis, procedures 
etc. - will immensely aid in clinical 
analytics, clinical decision support 
systems, automated clinical care 
pathway management systems, 
support evidence based practice, 
etc. 
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WHO ICD 10 

Disease classification 

WHO is actively working with 
IHTSDO to converge SNOMED-CT 
with ICD 

WHO-PCS 

Procedure coding system 


WHO-ICF 

International classification of 
functioning, disability & health 


Phase 2 



DSM 

Psychiatric conditions 

Diagnostic & statistical manual of 
mental disorders 

NIC/NOC/NANDA 

Nursing interventions 

classification 

This is optional 

CDT 2, US 

Dental Procedures 

This is optional 

ICTM 

International Classification of 

Traditional Medicine 

Ayurveda, Yoga, Unani, Siddha, 
Homeopathy systems of medicine as 
distinct from the allopathic 
(Western) system of medicine 

Table 1: HCIT Standards (app 

licable in India) 


For all recommended standards, the most recent release of the standard by BIS (or source body where 
BIS has not specified) as on date of enforcement of these recommendation are to be used unless 
specifically mentioned here. 

Related Issues 

• Unique Identification 

• Interoperability / Sharing 

• Integrated systems require consistent use of standards in e.g. medical terminologies and high 
quality data to support information sharing across wide networks 

• Ethical, legal and technical issues linked to the accuracy, security confidentiality and access rights. 

• Common record architectures, structures 

• Clinical information standards and communications protocols 

International Standards Organization and Bureau of Indian Standards 

India is a voting member of ISO's Technical Committee 215 for Health Informatics. As such, the country 
is duty-bound to adopt and enforce all adopted standards that she had voted in favour. 

The following list of such ISO standards and technical specifications that will need to be referred to 
when designing EHR Systems for India. Needless to say, this list is very dynamic as older standards get 
subsequently replaced by newer ones. 

Consequently, it is advisable to refer to BIS website to source documents pertaining to Health 
Informatics Sectional Committee - MHD 17 for the latest standards currently in force. 

These documents must be seen to be as additional reference materials. Thus, wherever additional 
information is required for proper designing of an EHR/EMR System, these documents may be used for 
reference purposes to derive additional guidelines. 
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Please note: 

• Wherever the provisions of the EHR Standards are in conflict with any other, these EHR Standards 
will always prevail. 

• The following list is indicative and representive and not comprehensive and definitive. 

Standards (the latest version) that are to additionally be incorporated : 


S. No. 

Doc No 

Description 

1 

ISO 21090: 2011 

Flarmonized data types for information interchange 

2 

ISO 12967: 2009 

Health Informatics Service Architecture (Parts 1 - 3) 

3 

ISO TS 22220: 

2011 

Identification of subjects of health care 

4 

ISO TS 27527: 

2010 

Provider identification 

5 

ISO TS 14265 

Classification of purposes for processing personal health information 

6 

ISO 13940 

System of concepts to support continuity of care 

7 

ISO 13972 

Detailed Clinical Models 

8 

ISO 20301:2006 

Health informatics-Flealth Cards-General Characteristics 

9 

ISO DIS 22857 

Health informatics - Guidelines on data protection to facilitate trans- 
border flows of personal health data 

10 

ISO/TS 

22220:2008(E) 

Health informatics — Identification of subjects of health care 

11 

ISO 13606-1 

Health informatics — Electronic health record communication — Part 

l:Reference model 

12 

ISO DIS 13119 

Health informatics — Clinical knowledge resources — Metadata 

13 

ISO DIS 22600-1 

Health informatics — Privilege management and access control — Part 1: 
Overview and policy management 

14 

ISO DIS 22600-2 

Health informatics — Privilege management and access control — Part 2: 
Formal models 

15 

ISO DIS 22600-3 

Health informatics — Privilege management and access control — Part 3: 
Implementations 

16 

ISO DTS 14441 

Health informatics — Security and privacy requirements of EHR systems 
for use in conformity assessment 

17 

ISO FDIS 17090- 

1 

Health informatics — Public key infrastructure — Part 1: Overview of 
digital certificate services 

18 

ISO FDIS 21549- 

1 

Health informatics — Patient healthcard data — Part 1: General structure 

19 

ISO DIS 13940 

Health informatics — System of concepts to support continuity of care 


Table 2: Additional ISO Standards 
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Standards that have already been taken into consideration within this standards document: 


S. No. 

Doc No 

Description 

1 

ISO DIS 1828 

Health informatics — Categorial structure for classifications and coding 
systems of surgical procedures 

2 

ISO DIS 11616 

Health informatics — Identification of medicinal products — Data 
elements and structures for unique identification and exchange of 
regulated pharmaceutical product information 

3 

ISO DIS 11615 

Health informatics — Identification of medicinal products — Data 
elements and structures for unique identification and exchange of 
regulated medicinal product information 

4 

ISO DIS 11240 

Health informatics — Identification of medicinal products — Data 
elements and structures for the unique identification and exchange of 
units of measurement 

5 

ISO DIS 11238 

Health informatics — Identification of medicinal products — Data 
elements and structures for the unique identification and exchange of 
regulated information on substances 

6 

ISO FDIS 21090 

Health informatics — Harmonized data types for information interchange 

7 

ISO DIS 27789.2 

Health informatics — Audit trails for electronic health records 

8 

ISO 27932: 2009 

HL7 Clinical Document Architecture, Release 2 

9 

ISO TS 22600: 

2006 

Privilege management and access control (Parts 1-3) 

10 

ISO 27799:2008: 

Health informatics — Information security management in health using 

ISO/I EC 27002 

11 

ISO 17115:2007 

Health Informatics-Vocabulary for terminological systems 

12 

ISO 17115:2007 

Health Informatics-Vocabulary for terminological systems 

13 

ISO 12052:2006 

Health Informatics-Digital Imaging and Communication in medicine 
(DICOM) including work flow and data management 

14 

ISO CD 17583 

Health informatics — Terminology constraints for coded data elements 
expressed in ISO Harmonized Data Types used in healthcare information 
interchange 

15 

ISO/TS 

22220:2008(E) 

Health informatics — Identification of subjects of health care 

16 

ISO DTS 14441 

Health informatics — Security and privacy requirements of EHR systems 
for use in conformity assessment 


Table 3: ISO Standards Already Considered 


Reference Model 1 

openEHR (www.openehr.org) is a virtual community working on interoperability and computability in e- 
health. Its main focus is electronic patient records (EHRs) and systems. 


1 Information as available from openEHR website 
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The openEHR Foundation has published a set of specifications defining a health information reference 
model, a language for building 'clinical models', or archetypes, which are separate from the software, 
and a query language. 

The architecture is designed to make use of external health terminologies, such as SNOMED CT, LOINC 
and ICDx. Components and systems conforming to openEHR are 'open' in terms of data (they obey the 
published openEHR XML Schemas), models (they are driven by archetypes, written in the published ADL 
formalism) and APIs. They share the key openEHR innovation of adaptability, due to the archetypes 
being external to the software, and significant parts of the software being machine-derived from the 
archetypes. 

The essential outcome is systems and tools for computing with health information at a semantic level, 
thus enabling true analytic functions like decision support, and research querying. 

Being an ISO standard, ISVs are strongly encouraged to be guided by the contents in their system design. 

Discharge/Treatment Summary Format 

The format for Medical Records as specified by Medical Council of India under regulation 3.1 of ethics, 
will need to be followed whenever any discharge or treatment summary is prepared. The specified 
format is provided in Chapter 11 of this document for ready reference. ISVs should additionally refer to 
available openEHR archetypes for the same. 

Interfacing with Personal Healthcare and Medical Devices 

Where not covered under relevant data exchange standards, it is recommended that IEEE 11073 health 
informatics standards and related ISO standards for medical devices be followed as appropriate 
whenever any personal healthcare/medical device is interfaced with the EHR System for the purpose of 
clinical data exchange, retrieval, storage, etc. 

VARIOUIS ORGANISATIONS AND THEIR RECOMMENDED HEALTHCARE 
INFORMATICS STANDARDS 


Organization 

Standards 

Ministry of Communications and 
Information Technology, 
Government of India 

> Information Technology Infrastructure for Health (ITIH) 
framework 

> Recommendations on Guidelines, Standards & Practices for 
Telemedicine in India 

National Knowledge Commission 

> Indian health information network development (iHIND) 
recommendations from the National Knowledge 

International Organization for 
Standardization (ISO) 

Requirements for Electronic Health Record Architecture (ISO / TS 
18308) 

European Committee for 

Standardization (CEN) 

CEN/TC 251 EN 13606 

American Society for Testing & 
Materials (ASTM) 

Continuity of Care Record (CCR) 
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Health Level 7 (HL7) 

> HL7 v2.x 

> HL7 v3 

> CDA-2 

> FHIR (Fast Health Interoperable Resources) - the newest 
version; easy upgrade from v2.x to FHIR 

> EHR - System Functional Model 

HL7 & ASTM Collaboration 

Continuity of Care Document (CCD) 

National Electrical 

Manufacturer's Association 

(NEMA) 

Digital Imaging and Communications in Medicine (DICOM PS 3.0 
2004 onwards) 


Table 4: Organisations and their recommended Health Informatics Standards 
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3. GUIDELINES 

Hardware 

• The IT hardware used should meet (and preferably be better than) the optimal requirement 
given by the software (to be) used. 

• The medical and IT hardware used must meet the relevant applicable specifications from BIS, 
NEMA, ISO, CE, RoHS, EnergyStar, apart from Medical and IT standards for the equipment. 

• A backup or data preservation mechanism should be considered. Data capacity should be 
planned to meet the storage requirement as per the mandated rule/law. 

• System redundancy at various levels (disk, power, network, etc.) should be planned to meet the 
organizational system availability requirement. 

• Network and data security should be planned, implemented, and periodically audited. Please 
see section on Security and Privacy for requirements and functions to be supported and 
implemented. 

• Hardware should be checked periodically for correctness and completeness of operation 
expected from them. An appropriate maintenance cycle should be planned and followed. 

• Planned and expected Capacity and Quality requirement of the organization should be met by 
the hardware used. Periodic updates and upgrades should be carried out to meet the 
requirements. 

Networking and Connectivity 

• Should be able to harness any telecommunications-related connectivity like the Internet, LAN, 
WAN, WAP, CDMA, GSM or even Cloud Computing that will permit the various EMRs of an 
individual to be integrated into a single lifelong electronic health record 

• As far as practical and affordable, the connectivity medium chosen should be reliable and fast 
enough to sustain a secure data exchange for the period expected for transaction of records and 
data. The speed of the connectivity medium should be chosen from among available options so 
as to provide an acceptable user experience and not cause software/system fault due to 
delays/noise/failure. 

• Should be able to ensure that data exchange is performed in a secure manner to ensure data 
validity and non-repudiability 

• The data exchange must further ensure that data integrity is maintained at all times 

Software Standards 

The software should 

• Conform to the specified standards 

• Satisfy specified requirements 

• Be Interoperable 

• Should be able to ensure role based access control at all times 

• Should be able to support privacy, secrecy and audit trail 

• Possess advanced search, merge, and demerge functionality to ensure that duplicates are 
robustly resolved 

• Should be able to support conception-to-current health records of a person 

• Should be able to support digital archiving and retrieval of health records after the death of a 
person for the total duration as specified by Government of India from time to time 
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• Should be able to construct a health/clinical summary based on available records from the very 
first visit to current 

• Should be able to support for rapid data capture-storage-retrieval-display of data 

• Should be able to ensure user authentication and authorisation 

Proposed Mobile Health Record 

As patients move around the healthcare system there is a need to carry essential information to ensure 
quality healthcare which will give their treating clinician basic information viz., health condition, 
drug/allergy information etc. CCR standard XML file format, with demographics, insurance info, problem 
list/diagnoses, medications, allergy and alerts, vital signs, and lab results, consultation reports, hospital 
discharge and operative reports and investigative and diagnostic results (e.g. ECG reports, tread mill test 
results, biochemistry results, histopathological findings, ultrasound findings, etc.) kept current and 
accurate by a person's healthcare team (nurses, doctors and pharmacists) which includes the patient. 

Conformance to m-governance guidelines of DEITY is 

imperative(http://www.deity.gov.in/content/framework-mobile-governance). 
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4 . DATA OWNERSHIP OF EHR 

The Ethical, Legal, Social Issues (ELSI) guidelines for Electronic Health Record (EHR) are recommended as 
follows. 

For the purposes of these recommendations, the term "privacy" shall mean that only those person or 
person(s) including organisations duly authorized by the patient may view the recorded data or part 
thereof. The term "security" shall mean thatall recorded personally identifiable data will at all times be 
protected from any unauthorized access, particularly during transport (e.g. from healthcare provider to 
provider, healthcare provider to patient). The term "trust" shall mean thatperson, persons or 
organisations (doctors, hospitals, patients) are those who they claim they are. 

The following approaches are to be adopted wherever applicable: 

• Privacy would refer to authorization by the owner of the data (the patient) 

• Security would have as components both public and private key encryption; the encryptions 
used in transit and at rest need to be through a different methodology. 

• Trust would be accepted whenever a trusted third party confirms identify 

Protected health information (PHI) would refer to any individually identifiable information whether oral 
or recorded in any form or medium that (1) is created, or received by a stakeholder; and (2) relates to 
past, present, or future physical or mental health conditions of an individual; the provision of health 
care to the individual; or past, present, or future payment for health care to an individual. 

Electronic protected health information (ePHI) would refer to any protected health information (PHI) 
that is created, stored, transmitted, or received electronically. Electronic protected health information 
includes any medium used to store, transmit, or receive PHI electronically. 

The following and any future technologies used for accessing, transmitting, or receiving PHI 
electronically are covered: 


• Media containing data at rest (data storage) 

o Personal computers with internal hard drives used at work, home, or traveling 
o External portable hard drives, including iPods and similar devices 
o Magnetic tape 

o Removable storage devices, such as USB memory sticks, CDs, DVDs, and floppy disks 
o PDAs and smartphones 

• Data in transit, via wireless, Ethernet, modem, DSL, or cable network connections 
o Email 

o File transfer 

For data ownership, a distinction is to be made between 

a. The physical or electronic records, which are owned by the healthcare provider. These are 
held in trust on behalf of the patient, and 
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b. The contained data which are the sensitive personal data of the patient is owned by the 
patient himself/herself. 

c. The healthcare provider will have the privilege to change/append/modify any record in 
relation to the health care of the patient as necessary with a complete documented trail 
of such change. No alteration of the previously saved data will be permitted.No update or 
update like command shall be utilised by the system to store a record or part thereof. A 
new record will be created with the unaltered parts of the existing record. The 
changed/appended/modified data will replace the relevant parts of that record. This 
record shall then be stored and marked as active while rendering the previous version or 
versions of the same record marked inactive. The data will thus be immutable. A strict 
audit trail shall be maintained of all activities at all times that may be suitably reviewed by 
an appropriate authority like auditor, legal representatives of the patient, the patient, 
healthcare provider, privacy officer, court appointed/authorised person, etc. 

d. The medium of storage or transmission of such electronic health record will be owned by 
the healthcare provider. 

e. The "sensitive personal information (SPI) and personal information (PI)" of the patient is 
owned by the patient themselves. Refer to IT Act 2000 for the definition of SPI and PI. 

f. Sensitive Data: As per the Information Technology Act 2000, Data Privacy Rules, refer to 
'sensitive personal data or information' (Sensitive Data) as the subject of protection, but 
also refer, with respect to certain obligations, to 'personal information'. Sensitive Data is 
defined as a subset of 'personal information'. Sensitive Data is defined as personal 
information that relates to: 

i. Passwords; 

ii. Financial information such as bank account or credit card or debit card 
or other payment instrument details; 

iii. Physical, psychological and mental health condition; 

iv. Sexual orientation; 

v. Medical/clinical records and history; 

vi. Biometric information; 

vii. Any detail relating to (1) - (6) above received by the body corporate 
for provision of services; or 

viii. Any information relating to (1) - (7) that is received, stored or 
processed by the body corporate under a lawful contract or otherwise 

Data access and confidentiality would refer to: 

a. Regulations are to be enforced to ensure confidentiality of the recorded patient/health 
data and the patient should have a control over this. 

b. Patients will have the sufficient privileges to inspect and view their health records without 
any time limit. Patient's privileges to amend data shall be limited to correction of errors in 
the recorded patient/health details. This shall need to be performed through a recorded 
request made to the healthcare provider within a period of 30 days from the date of 
discharge in all inpatient care settings or 30 days from the date of clinical encounter in 
outpatient care settings. An audit of all such changes shall be strictly maintained. Both the 
request and audit trail records shall be maintained within the system. Patients will have 
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the privileges to restrict access to and disclosure of individually identifiable health 
information. 

c. All recorded data will be available to care providers on an 'as required on demand' basis 

d. Minimum data standards 

Disclosure of information would be applicable as follows: 

a. For use for treatment, payments and other healthcare operations: In all such cases, a 
general consent must be taken from the patient or next of kin, etc. as defined by 
applicable laws by MCI 2 . 

b. Fair use for non-routine and most non-health care purposes: a specific consent must be 
taken from the patient; format as defined by MCI. 

c. Certain national priority activities, including notifiable/communicable diseases, will be 
specified for which health information may be disclosed to appropriate authority as 
mandated by law without the patient's prior authorization 

Responsibilities of any healthcare provider would include: 

a. Protect and secure the stored health information, as per the guidelines specified in this 
document (chapter on Data privacy and security). 

b. While providing patient information, remove patient identifying information (as provided 
in Table 1), if it is not necessary to be provided 

c. Will ensure that there are appropriate means of informing the patient of policies relating 
to his/her rights to health record privacy 

d. Document all its privacy policies and ensure that they are implemented and followed. This 
will include: 

i. Develop internal privacy policies 

ii. Designate a privacy officer (preferably external, may be internal) who will be 
responsible for implementing privacy policies, audit and quality assurance 

iii. Provide privacy training to all its staff 

Patient will have the privilege to appoint a personal representative to carry out the activities detailed 
below. 

a. Patients will have the privilege to ask for a copy of their health records held by a 
healthcare organization. 

b. Patients will have the privilege to request a healthcare organization that holds their 
health records, to withhold specific information that he/she does not want disclosed to 
other organizations or individuals. 

c. Patient can demand information from a healthcare provider on the details of disclosures 
performed on the patients health records. 

Instances where denial of information will apply are as follows: 

Healthcare provider will be able to deny information to a patient or representative or third 
party, in contravention of normal regulations, if in the opinion of a licensed healthcare 


2 http://www. mciindia.org/rules-and-regulation/Code%20of%20Medical%20Ethics%20Regulations.pdf 
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professional the release of information would endanger the life or safety of the patients and 
others. This will include but not be limited to as follows: 

d. Information obtained from an anonymous source under a promise of confidentiality. 

e. Psychotherapy notes. 

f. Information compiled for civil, criminal or administrative action. 

Instances where use and disclosure without individual authorization will be possible are as follows: 

Disclosures can be performed without individual authorization in the following situations. 

• With Identifiers, on production of court order 

• However, as far as possible, and where appropriate, the data so provided should be 
anonymised to remove information that will allow identification of the patient. 
(Removing identifiers as indicated in the Patient Identifying Information Table below) 

Digital signatures are to be used to prevent non-repudiation (establishing authenticity of author of 
the document) and trust by the recipient. 

Follow e-Pramaan National e-Authentication service offered by DeitY, Govt. Of India 
http://epramaan.gov.in/ 

Reference Framework for e-authentication - ePramaan 

http://egovstandards.gov.in/policy/framework-document-for-e-authentication-epramaan 
Reference Guidelines for Digital Signatures, available at 

http://egovstandards.gov.in/guidelines/Guidelines%20for%20Digital-signature/view 

Additional Reference Guidelines for Information Security, available at 
http://egovstandards.gov.in/guidelines/guidelines-for-information-security/view 

Electronic Health Records Preservation 

Preservation of health records assume significant importance in view of the fact that an electronic 
health record of a person is an aggregation of all electronic medical records of the person from the very 
first entry till date. Hence, all records must compulsorily be preserved and not destroyed during the life¬ 
time of the person, ever. 

The digital records must be preserved till such time according to the prevalent law of the land. 

It is however preferred and ISVs are strongly encouraged to ensure that the records are never be 
destroyed or removed permanently. The health of the blood relatives and natural descendants of the 
person can be strongly influenced by the health of the person and on-demand access to these may 
prove to be hugely useful in the maintenance of the health of the the relations. 

Furthermore, analysis of health data of all persons is expected to greatly benefit in the understanding of 
health, disease processes and the amelioration therof. 

With rapid decline in costs of data archiving coupled with the ability to store more and more data that 
may be readily accessible, continued maintenance of such data is not expected to lead to any big impact 
on the overall system maintenance and use. 
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Patient Identifying Information 

Data are "individually identifiable" if they include any of the under mentioned identifiers for an 
individual or for the individual's employer or family member, or if the provider or researcher is aware 
that the information could be used, either alone or in combination with other information, to identify an 
individual. These identifiers are as follows: 

1. Name 

2. Address (all geographic subdivisions smaller than street address,, and PIN code) 

3. All elements (except years) of dates related to an individual (including birth date, date of death, 

4. Telephone and/or Fax numbers 

5. Email address 

6. Medical record number 

7. Health plan beneficiary number 

8. Bank Account and/or Credit Card Number 

9. Certificate/license number 

10. Any vehicle or other any other device identifier or serial numbers 

11. PAN number 

12. Passport number 

13. ADHAAR number 

14. Voter ID card 

15. Fingerprints/Biometrics 

16. Voice recordings that are non-clinical in nature 

17. Photographic images and that possibly can individually identify the person 

18. Any other unique identifying number, characteristic, or code 

Table 5: Patient Identifying Information 

Applicable legislation details: The existing Indian laws, including but not limited to IT Act 2000 and 
as amended from time to time will prevail at all times (http://deity.gov.in/content/information- 
technology-act-2000) 
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5. DATA PRIVACY & SECURITY 
Security of Electronic Health Information: 

The Privacy Standards and the Security Standards are necessarily linked. Any health record system 
requires safeguards to ensure the data is available when needed and that information is not used, 
disclosed, accessed, altered, or deleted inappropriately while being stored or transmitted. The Security 
Standards work together with the Privacy Standards to establish appropriate controls and protections. 
Health sector entities that are required to comply with the Privacy Standards also must comply with the 
Security Standards. 

Organizations must consider several factors when adopting security measures. How a healthcare 
provider satisfies the security requirements and which technology it decides to use are business 
decisions left to the individual organization. In deciding what security measures to adopt, an 
organization must consider its size, complexity, and capabilities; it's technical infrastructure, hardware, 
and software security capabilities; the cost of particular security measures; and the probability and 
degree of the potential risks to the e-PHI it stores and transmits. 

Standards 

Purpose of the Security Standards 

The Security Standards require healthcare providers to implement reasonable and appropriate 

administrative, physical, and technical safeguards to 

• Ensure the confidentiality, integrity, and availability of all the e-PHI they create, transmit, 
receive, or maintain 

• Protect against reasonably anticipated threats or hazards to the security or integrity of their e- 

PHI 

• Protect against uses or disclosures of the e-PHI that are not required or permitted under the 
Privacy Standards 

• Ensure their workforce will comply with their security policies and procedures 

Technical Standards 

To protect the e-PHI handles by a healthcare provider, the provider must implement technical 
safeguards as part of its security plan. Technical safeguards refer to using technology to protect e-PHI 
by controlling access to it. Therefore, they must address the following standards focusing on the 
following. It is worth noting that they will need to use an EHR solution that is able to successfully and 
robustly demonstrate the possession and working of these functionalities. 

Access control: The solution must assign a unique name and/or number for identifying and tracking user 
identity and establish controls that permit only authorized users to access electronic health information. 
In cases of emergency where access controls need to be suspended in order to save a live, authorized 
users (who are authorized for emergency situations) will be permitted to have unfettered access 
electronic health information for the duration of the emergency with the access remaining in force 
during the validity of the emergency situation. 
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Access Privileges: Ideally only clinical care providers should have access rights to a person's clinical 
records. However, different institutional care providers have widely varying access privileges specified 
that are institution-specific. No country-wide standards can be specified for this at least at this point in 
time. 

Automatic log-off: An electronic session after a predetermined time of inactivity must be forcibly 
terminated. To log in back, the user will have to initiate a new log in session. However, for the sake of 
ergonomics, it is recommended that the unsaved state of the system at the time of automatic log-off be 
saved and presented back to the user for further action. This should be a user-specific feature. 

Audit log: 

• All actions related to electronic health information in accordance with the standard specified in 
this document including viewing should be recorded. 

• Based on user-defined events must be provided. 

• All or a specified set of recorded information upon request or at a set period of time must be 
electronically displayed and printed. 

Integrity: 

• During data transit the fact that the electronic health information has not been altered in transit 
in accordance with the standard specified in this document must be verifiable. 

• Detection of events - all alterations and deletions of electronic health information and audit logs, 
in accordance with the standard specified in this document must be detected. 

Authentication: 

• Locally within the system the fact that a person or entity seeking access to electronic health 
information is the one claimed and is authorized to access such information must be verifiable. 

• Across the network, however extensive it might be -that a person or entity seeking access to 
electronic health information across a network is the one claimed and is authorized to access such 
information in accordance with the standard specified in this document must be verifiable. 

Encryption: 

• Generally, all electronic health information must be encrypted and decrypted as necessary 
according to user defined preferences in accordance with the best available encryption key 
strength. 

• During data exchange all electronic health information must be suitably encrypted and decrypted 
when exchanged in accordance with an encrypted and integrity protected link. 

• All actions related to electronic health information must be recorded with the date, time, patient 
identification, and user identification whenever any electronic health information is created, 
modified, deleted, or printed; and an indication of which action(s) took place must also be 
recorded. 

• Appropriate verification that electronic health information has not been altered in transit shall be 
possible at any point in time. A secure hashing algorithm must be used to verify that electronic 
health information has not been altered in transit and it is recommended that the secure hash 
algorithm (SHA) used must be SHA-1 or higher. 

• A cross-enterprise secure transaction that contains sufficient identity information such that the 
receiver can make access control decisions and produce detailed and accurate security audit trails 
must be used within the system. 
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Administrative Safeguards Standards 

The Administrative Safeguards require healthcare providers to develop and implement a security 
management process that includes policies and procedures that address the full range of their security 
vulnerabilities. Being administrative in nature, these need to be internally designed and developed as 
SOP that must be published for all users to see and adhere to. Conformance to adherence may be 
delegated to the Privacy Officer detailed in the Data Ownership chapter above. To comply with the 
Administrative Safeguards, a healthcare provider must implement the following standards. 

• The security management process standard, to prevent security violations; 

• Assigned security responsibility, to identify a security officer; 

• Workforce security, to determine e-PHI user access privileges; 

• Information access management, to authorize access to e-PHI; 

• Security awareness training, to train staff members in security awareness; 

• Security incident procedures, to handle security incidents; 

• Contingency plan, to protect e-PHI during an unexpected event; and 

• Evaluation, to evaluate an organization's security safeguards. 

Physical Safeguards Standards 

Physical safeguards are security measures to protect a healthcare provider's electronic information 
systems, related equipment, and the buildings housing the systems from natural and environmental 
hazards, and unauthorized intrusion. Covered entities must fulfill the following four standards. However, 
since most of the implementation specifications in this category are addressable, healthcare providers 
will have considerable flexibility in how to comply with the requirements as long as these are internally 
designed and developed as SOP and published for all users to see and adhere to. Conformance to 
adherence may be delegated to the Privacy Officer detailed in the Data Ownership chapter above. 

The required physical standards are: 

• The facility access control standard, to limit actual physical access to electronic information 
systems and the facilities where they're located; 

• The workstation use standard, to control the physical attributes of a specific workstation or group 
of workstations, to maximize security; 

• The workstation security standard, to implement physical safeguards to deter the unauthorized 
access of a workstation; and 

• The device and media controls standard, to control the movement of any electronic media 
containing e-PHI from or within the facility. 
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7. ANNEXURE: EHR MINIMUM DATA SET (MDS) 

The following MDS is a reference data model. In order to kick-start EHR system implementation, a reference data model is provided below. 
However, ISVs must follow the data model/structure as provided in the applicable standard for the purpose. 

Vendors are free and indeed encouraged to opt for additional data to satisfy additional and the unmet needs of the various stakeholders, 
principally the patients and the clinical care providers. 


Data Item 

Data Type 

Data Length 

Format/Values 

Status 

Additional Observations 

UHID 

Numeric 

12 

As per Aadhar 
Specifications 

Mandatory if no other 
concomitant ID is used in 
the system, else optional 

Only the public key will be used and 
that too only for identification, aid in 
patient search, patient merge and 
demerge functionalities. Wherever 
Adhaar Number is unavailable ISVs 

will need to use the state and 
district from the patient's address, 
the patient's name, gender, age, 
father's name and mother's name 
to uniquely identify the patient 

Alternate UHID 

Any 

Any 

As per 

institution/vendor' 
s specifications 

Mandatory if no other 
concomitant ID is used in 
the system, else optional 

Any other/additional ID may be used 
including but not limited to those 
issued central/state/local 
government or the care provider as 
long as they are unique in nature 
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Patient Name 

As specified 

As specified 

To be split into First 
Name, Middle 

Name and Last 
(Family) Name 

Mandatory 

MDDS 

(http://egovstandards.gov.in/standa 
rdsandFramework/metadata-and- 
data-standards/MDDS- 
Demographic%20Ver%201.1.pdf/at_ 
download/file) may be referred to 
for patient demographics data; only 
the person identification part of the 
meta data and data standards are 
applicable 

Patient Date of 

Birth 

Date 

As specified 


Mandatory in Inpatients 
settings, Optional in others 

As specified in ISO date format 

Patient Age 

Numeric 

Fixed 

999,99,999 no 
preceding zero 
[years, months, 
days] 

Mandatory 

Age is to be automatically calculated 
if date of birth is entered/available; 
once the patient's age is available, all 
client systems must automatically 
"age" the patient. For this, unless 
the patient's date of birth is 
available, the age will be 
approximated with the assumption 
that the patient was born on the 1st 
day of that month of that year that 
the entered age appears to point to. 
The record display will need to 
clearly show that this age is an 
approximated one and that the 
patient may actually be older by 1 
month maximally 


25 




Receipt No : 319054/2016/E-GOV 


File No. Q-11011/2/2016-eGov (Computer No. 3062309 ) 


150 


Patient Gender 

Alphanumeric 

1 

To be shortened to 
one byte as M, F, 1 
or N for Male, 
Female, 

Indeterminate, Not 
Stated/lnadequatel 
y Described. 

Systems should 
translate and show 

the full form on 

user screens 

Mandatory 

The values are as specified in ISO/TS 
22220:2008(E), Health informatics — 
Identification of subjects of health 
care (NB: this is a technical 
specification and not a standard per 
se) 

Patient 

Occupation 

As specified 

As specified 


Mandatory 

It is recommended that MDDS be 
followed; details are given above 

Patient Address 
Type 

Alphanumeric 

9 

Current/Permanent 

/Previous 

Mandatory 


Patient Address 

Line 1 

As specified 

As specified 


Mandatory 

It is recommended that MDDS be 
followed; details are given above 

Patient Address 

Line 2 

As specified 

As specified 


Optional 

It is recommended that MDDS be 
followed; details are given above 

Patient 

City/Town/Villag 
e/Police Station 

As specified 

As specified 


Mandatory 

It is recommended that MDDS be 
followed; details are given above 

Patient District 

As specified 

As specified 


Mandatory 

It is recommended that MDDS be 
followed; details are given above 

Patient State 

As specified 

As specified 


Mandatory 

It is recommended that MDDS be 
followed; details are given above; 
Alternatively, ISO 3166-2:IN may also 
be used for Indian States 

Patient Pin Code 

As specified 

As specified 


Optional 

It is recommended that MDDS be 
followed; details are given above 
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Patient Country 
Code 

As specified 

As specified 

As per ISO Country 
Codes 

Mandatory 

ISO 3166-1 alpha-2 or ISO 3166-1 
alpha-3 

Patient Phone 
Type 

Alphanumeric 

20 

Landline/Mobile/P 

P- 

Landline/Neighbou 

r Landline/Relation 

Landline 

/Neighbour 

Mobile/Relation 

Mobile 

Optional 


Patient Phone 

Number 

Alphanumeric 

16 

(099)9999999999 

Optional 


Patient Email ID 

Alphanumeric 

255 

Must contain 

and at 

appropriate 

positions 

Optional 


Emergency 

Contact Person 

Name 

As specified 

As specified 


Optional 

It is recommended that MDDS be 
followed; details are given above 

Emergency 

Contact Person 
Relationship 

Alphanumeric 

9 

Spouse/Parent/Chil 

d/Partner/Cousin/F 

riend/Neighbour/O 

ther 

Mandatory, if used, else 
Optional 


Emergency 

Contact Person 
Address Type 

Alphanumeric 

9 

Current/Permanent 

/Previous 

Mandatory, if used, else 
Optional 
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Emergency 

Contact Person 

Address Line 1 

As specified 

As specified 


Mandatory, if used, else 
Optional 

It is recommended that MDDS be 
followed; details are given above 

Emergency 

Contact Person 

Address Line 1 

As specified 

As specified 


Mandatory, if used, else 
Optional 

It is recommended that MDDS be 
followed; details are given above 

Emergency 

Contact Person 

Address Line 2 

As specified 

As specified 


Optional 

It is recommended that MDDS be 
followed; details are given above 

Emergency 

Contact Person 
City/Town/Villag 
e/ Police Station 

As specified 

As specified 


Mandatory, if used, else 
Optional 

It is recommended that MDDS be 
followed; details are given above 

Emergency 

Contact Person 

District 

As specified 

As specified 


Mandatory, if used 

It is recommended that MDDS be 
followed; details are given above 

Emergency 

Contact Person 

State 

As specified 

As specified 


Mandatory, if used 

It is recommended that MDDS be 
followed; details are given above; 
Alternatively, ISO 3166-2:IN may also 
be used for Indian States 

Emergency 

Contact Person 

Pin Code 

As specified 

As specified 


Optional, if used 

It is recommended that MDDS be 
followed; details are given above 

Emergency 

Contact Person 
Country Code 

As specified 

As specified 

As per ISO Country 
Codes 

Optional, if used 

ISO 3166-1 alpha-2 or ISO 3166-1 
alpha-3 


28 




Receipt No : 319054/2016/E-GOV 


File No. Q-11011/2/2016-eGov (Computer No. 3062309 ) 


153 


Emergency 

Contact Person 
Phone Type 

Alphanumeric 

20 

Landline/Mobile/P 

P-Landline/ 

Neighbour 

Landline/Relation 

Landline 

/Neighbour 

Mobile/Relation 

Mobile 

Optional 


Emergency 

Contact Person 

Phone Number 

Alphanumeric 

16 

(099)9999999999 

Optional 


Emergency 

Person Email ID 

Alphanumeric 

255 

Must contain 

and at 

appropriate 

positions 

Optional 


Care Provider 

Name 

As specified 

As specified 


Optional 

It is recommended that MDDS be 
followed; details are given above 

Care Provider 

Type 

Alphanumeric 

18 

Primary 

Physician/Consulta 

nt/Specialist/Denta 

1 

Surgeon/Orthodon 

tist/Nurse/Physioth 

erapist/ 

Optional 


Care Provider 
Address Type 

Alphanumeric 

9 

Current/Permanent 

/Previous 

Mandatory, if used, else 
Optional 


Care Provider 

Address Line 1 

As specified 

As specified 


Mandatory, if used, else 
Optional 

It is recommended that MDDS be 
followed; details are given above 

Care Provider 

Address Line 2 

As specified 

As specified 


Optional 

It is recommended that MDDS be 
followed; details are given above 
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Care Provider 
City/Town/Villag 
e/ Police Station 

As specified 

As specified 


Mandatory, if used, else 
Optional 

It is recommended that MDDS be 
followed; details are given above 

Care Provider 

District 

As specified 

As specified 


Mandatory, if used 

It is recommended that MDDS be 
followed; details are given above 

Care Provider 

State 

As specified 

As specified 


Mandatory, if used 

It is recommended that MDDS be 
followed; details are given above; 
Alternatively, ISO 3166-2:IN may also 
be used for Indian States 

Care Provider Pin 

Code 

As specified 

As specified 


Optional, if used 

It is recommended that MDDS be 
followed; details are given above 

Care Provider 
Country Code 

As specified 

As specified 

As per ISO Country 
Codes 

Optional, if used 

ISO 3166-1 alpha-2 or ISO 3166-1 
alpha-3 

Care Provider 
Phone Type 

Alphanumeric 

20 

Landline/Mobile/P 

P-Landline/ 

Neighbour 

Landline/Relation 

Landline 

/Neighbour 

Mobile/Relation 

Mobile 

Optional 


Care Provider 

Phone Number 

Alphanumeric 

16 

(099)9999999999 

Optional 


Care Provider 

Email ID 

Alphanumeric 

255 

Must contain 

and at 

appropriate 

positions 

Optional 


Insurance Status 

Alphanumeric 

9 

Insured/Uninsured 

Optional 



30 




Receipt No : 319054/2016/E-GOV 


File No. Q-11011/2/2016-eGov (Computer No. 3062309 ) 


155 


Insurance ID 

Alphanumeric 

25 

As appropriate 

Mandatory if Insurance 

Type is Entered, else 

Optional 


Organ Donor 
Status 

Alphanumeric 

1 

Y- Yes or N - No 

Optional 


Episode Type 

Alphanumeric 

8 

New/Ongoing, 

alternatively 

New/Active/lnactiv 

e 

Optional 


Episode Number 

Numeric 

6 

999999 format - 
no prefixed 0 

Mandatory if Episode Type 
is Entered, else Optional 

For definition of episode, please 
refer to the definitions chapter 
above; this is patient specific and not 
site or care provider specific 

Encounter Type 

Alphanumeric 

14 

Outpatient/lnpatie 

nt/Emergency/Inve 

stigations 

Mandatory 

For definition of encounter, please 
refer to the definitions chapter 
above 

Encounter 

Number 

Numeric 

6 

999999 format - 
no prefixed 0 

Mandatory 

It must be ensured that the no 
encounter number is arbitrarily 
assigned. The system will need to 
ensure this. When linking records 
from diverse systems, episode and 
encounter reconciliation through 
appropriate merging and demerging 
will need to take place. However, 
this is a design and development 
issue, and out of scope for the work 
of MDS proposal 


31 




Receipt No : 319054/2016/E-GOV 


File No. Q-11011/2/2016-eGov (Computer No. 3062309 ) 


156 


Encounter Date 

& Time 

Datetime 

Fixed 

Complete date plus 
hours, minutes and 
seconds/Complete 
date plus hours, 
minutes, seconds 
and a decimal 

fraction of a 

second 

Mandatory; should be 
auto-inserted by the 
system from system time 
that is synchronised with 
Indian Standard Time 

As per ISO date time format 

Reason for Visit 

Alphanumeric 

4096 3 


Mandatory 

More than one reason for visit may 
be entered 

Present History 

Alphanumeric 

4096 


Optional 


Past History 

Alphanumeric 

4096 


Optional 


Personal History 

Alphanumeric 

4096 


Optional 


Family History 

Alphanumeric 

4096 


Optional 



’Both structured and unstructured data can be used wherever the data type is alphanumeric and data length is 4096 and if necessary, it can be made longer. 
This is true for all fields in the Minimum Data Set wherever the field size of 4096 occurs. 
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Menstrual & 
Obstetric History 

Alphanumeric 

4096 

LMP, Cycle 

Duration, Gravida, 
Parity to be 
captured as 
structured data 

where LMP: date 
type; Cycle 

Duration, Gravida, 
Parity: numeric 
type; 

Optional 

Menstrual & Obstetric History to be 
available only if the chosen gender is 
female 

Socio-economic 

Status 

As specified 

As specified 


Optional 

It is recommended that MDDS be 
followed; details are given above 

Immunization 

History 

Alphanumeric 

4096 


Optional 

It is preferable that the details are 
captured in as granular a manner as 
is practical; multiple entries should 
be possible, with a list of values for 
each vaccine type and dates 
administered with current status 
(administered/not-administered) 

Allergy Status 

Alphanumeric 

8 

Active/Inactive 

Optional 


Allergy History 

Alphanumeric 

4096 


Optional/Mandatory if 
Allergy Status is entered 

Allergies will be a list of values (drug 
generics, etc.) that would, in future, 
allow allergy alerts to be activated 

Allergy Severity 

Alphanumeric 

8 

Mild/Moderate/Se 

vere 

Optional/Mandatory if 
Allergy Status is entered 
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Clinical Exam 

Vitals Systolic BP 

Numeric 

3 

999 - no preceding 

0 

Optional 

Unit of measurement is mmHg 

Clinical Exam 

Vitals Diastolic 

BP 

Numeric 

3 

999 - no preceding 

0 

Optional 

Unit of measurement is mmHg 

Clinical Exam 

Pulse Rate 

Numeric 

3 

999 - no preceding 

0 

Optional 

Unit of measurement is per minute 

Clinical Exam 
Temperature (°C) 

Floating 

2 digits, 2 
decimals 

99.99 

Optional 

Unit of measurement is degrees 
Centigrade; if degrees Fahrenheit is 
to be used, then this may be 
converted at run time for display or 
data manipulation purposes by the 
system 

Clinical Exam 
Temperature 
Source 

Alphanumeric 

6 

Oral/Armpit/Groin/ 

Rectal 

Mandatory, if Temperature 
is captured 


Clinical Exam 
Respiration Rate 

Numeric 

3 

999 - no preceding 

0 

Optional 

Unit of measurement is per minute 

Clinical Exam 
Height (cms) 

Floating 

3 digits, 2 
decimals 

999.99 

Optional 

Unit of measurement is centimetres; 
if any other unit of measurement, 
like feet, is to be used, then this may 
be converted at run time for display 
or data manipulation purposes by 
the system 

Clinical Exam 
Weight (kgs) 

Floating 

3 digits, 2 
decimals 

999.99 

Optional 

Unit of measurement is kilograms; if 
any other unit of measurement, like 
pounds, is to be used, then this may 
be converted at run time for display 
or data manipulation purposes by 
the system 
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Blood Group 

Alphanumeric 

3 

A+/A-/B+/B- 

/AB+/AB-/0+/0- 

Optional 


Clinical Exam 

Observation 

Alphanumeric 

4096 


Mandatory 

It is recommended that SNOMED-CT 

be used for all clinical 
terms/observations 

Investigation 

Results 

Alphanumeric 

4096 


Mandatory in Inpatients 
settings, Optional in others 

It is recommended that LOINC be 
used for all laboratory observations 

Clinical Summary 

Alphanumeric 

4096 


Mandatory 

It is recommended that SNOMED-CT 

be used for all clinical 
terms/observations 

Diagnosis Type 

Alphanumeric 

11 

Provisional/Final/A 

dmission/lnterim/ 

Working/Discharge 

Mandatory 


Diagnosis Code 
Name 

As specified 

As specified 

ICD/SNOMED 

CT/Free 

Mandatory 

This denotes the name of the 
diagnosis coding system - SNOMED- 
CT/ICD, etc. It is recommended that 
SNOMED-CT be used. Till such time 
SNOMED-CT license is procured, it is 
recommended that ICD be used 

Diagnosis Code 

As specified 

As specified 

Coding system 
dependent 

Mandatory 

Diagnosis Code should allow multiple 
entries per encounter record 

Diagnosis 

(Description) 

Alphanumeric 

4096 


Mandatory 


Treatment Plan 
Investigations 

Alphanumeric 

4096 


Mandatory in Inpatients 
settings, Optional in others 

The user may or may not enter any 
value 
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Treatment Plan 

Medication 

Alphanumeric 

4096 


Mandatory 

It is preferable that the details are 
captured in as granular a manner as 
is practical; for the allopathic system 
of medicine, it is suggested that 
something similar to the contents of 
the table below be followed - this 
requirement is not mandatory 

Treatment Plan 

Procedure 

Alphanumeric 

4096 


Mandatory in Inpatients 
settings, Optional in others 

Should be "None" if no procedure is 
advised/dispensed 

Treatment Plan 

Referral 

Alphanumeric 

4096 


Optional 

For use in referral cases only 

Other Treatment 
Plan Type 

Alphanumeric 

10 

Diet/Life-style/ 

Others 

Optional 


Other Treatment 

Plan Details 

Alphanumeric 

4096 


Mandatory if Other 
Treatment Type is selected 


Current Clinical 

Status 

Alphanumeric 

255 

[Free text] 

Mandatory 

Captures the current clinical status; 
synonymous with clinical outcome or 
condition at discharge; it is 
preferable that terms such as "Fair", 
"Relieved", "Better", "Same", 

"Worse", "Fatal", etc. be used 
instead of long narratives 

Care Provider 
Digital Signature 

As appropriate 

As 

appropriate 

As appropriate 

Mandatory only for records 
related to MLC; optional 
for others 4 

Please refer to the Digital Signatures 
section in Chapter 7 - Data 

Ownership 


4 Audit trail requirements would ensure that every record is associated with a unique date-time stamp of the entry and the user who makes it - known through 
RBAC (login with unique ID and password) - thereby ensuring that every entry is de facto digitally signed. 
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• All fields from UHID to Organ Donor Status constitutes the demographics information, the rest clinical information. Thus, the former will 
represent the header and the latter the body. 

• It is strongly recommended that the contents of the header section may only be entered once during registration and updated periodically 
as necessary. 

• Date of birth, once entered, cannot be changed ever and is thus immutable. 

• The contents of the body must be entered anew on every clinical encounter. 

• Appropriate search functionality should be provided to ensure that any patient is uniquely identifiable even in the absence of a unique 
identifier (eg, the patient is unable to recall it, has misplaced his/her old records, etc.) 


MEDICATION DETAILS (for allopathic system of medicine only): 


Data Item 

Data Type 

Data Length 

Format/Values 

Status 

Additional Observations 

Medication 

Name 

As specified 

As specified 

As per the drug 
database 

Optional; if entered, then 
some fields are mandatory 
as specified below 

Should preferably be generic 

Drug Code 

As specified 

As specified 

As per the drug 
database 

Mandatory, if entered 

Auto populated by the system 

Drug Identifier 

As specified 

As specified 


Optional 

GS1 bar/QR code 

Strength 

As specified 

As specified 

As per the drug 
database 

Mandatory, if entered 

Should be presented as a LOV 

Dose 

As specified 

As specified 


Mandatory, if entered 

To be entered by the care provider 

Route 

As specified 

As specified 


Mandatory, if entered 

To be entered by the care provider 

Frequency 

As specified 

As specified 


Mandatory, if entered 

To be entered by the care provider 

Duration 

As specified 

As specified 


Mandatory, if entered 

To be entered by the care provider; 
this represents the length of time 
the medication is to be taken 


Table 6: EHR MDS 
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N.B. Due to requirements associated with medical tourism, it is recommended that ISVs keep this in mind while designing the address fields, 
leaving enough flexibility to enter a foreign district, state and country. 

MDS and CEN / TC 251 EN 13606 (EHRCom): The EHRCom standard is recommened for data model specification. The Minimum Data Set is to be 
used as reference while designing the Archetypes to ensure archetype level interoperability between different EHR systems. 
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10. ACRONYMS, DEFINITIONS & GLOSSARY 


[A] 

ADSL (Asymmetric Digital Subscriber Line): A type of DSL that uses copper telephone lines to transmit 
data faster than a traditional modem. ADSL only works within short distances because it uses high 
frequencies with short signals. 

Allergy List: This is a list of all the patient's allergies. 

Allopathic, Allopathy: Defined as relating to or being a system of medicine that aims to combat disease 
by using remedies (as drugs or surgery) which produce effects that are different from or incompatible 
with those of the disease being treated 

Ambulatory care: Any medical care delivered on an outpatient basis. 

ANM: Auxiliary Nurse Midwife 

ASHA: Accredited Social Health Activist is usually a literate 25 - 45 yr old married/ widowed/ divorced 
lady selected from the village itself and accountable to it and trained to work as an interface between 
the community and the public health system. This is position is one of the key components of the 
National Rural Health Mission aimed at providing every village in the country with a trained female 
community health activist 

ATC: Anatomical Therapeutic Chemical Classification System,controlled by the WHO Collaborating 
Centre for Drug Statistics Methodology (WHOCC), is used for drug classification. 

Authentication: The verification of the identity of a person or process. 

Authorization: Any document designating any permission. Authorization or waiver of authorization for 
the use or disclosure of identifiable health information for research (among other activities) is required. 
The authorization must indicate if the health information used or disclosed is existing information 
and/or new information that will be created. The authorization form may be combined with the 
informed consent form, so that a patient need sign only one form. An authorization must include the 
following specific elements: a description of what information will be used and disclosed and for what 
purposes; a description of any information that will not be disclosed, if applicable; a list of who will 
disclose the information and to whom it will be disclosed; an expiration date for the disclosure; a 
statement that the authorization can be revoked; a statement that disclosed information may be re¬ 
disclosed and no longer protected; a statement that if the individual does not provide an authorization, 
she/he may not be able to receive the intended treatment; the subject's signature and date. 

AYUSH: Ayurveda, Yoga, Unani, Siddha and Homeopathy. Falls under the broad category of Indian 
Systems of Medicines and Homoeopathy (ISM&H) governed by Ministry of Health and Family Welfare, 
Government of India 


[C] 
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CCD (Continuity of Care Document): A joint effort of HL7 International and ASTM. CCD fosters 
interoperability of clinical data by allowing physicians to send electronic medical information to other 
providers without loss of meaning and enabling improvement of patient care. CCD is an implementation 
guide for sharing Continuity of Care Record (CCR) patient summary data using the HL7 Version 3 Clinical 
Document Architecture (CDA), Release 2. It establishes a rich set of templates representing the typical 
sections of a summary record, and these same templates for vital signs, family history, plan of care, and 
so on can then be used for establishing interoperability across a wide range of clinical use cases. 

CDT: Common Dental Terminology 

Chain of Trust Agreement: A contract needed to extend the responsibility to protect health care data 
across a series of sub-contractual relationships. 

Chief Complaint (CC), Reason for Consultation (RFC), Reason for Visit (ROV): for recording a patient's 
disease symptoms. 

Client/Serverarchitecture: An information-transmission arrangement, in which a client program sends a 
request to a server. When the server receives the request, it disconnects from the client and processes 
the request. When the request is processed, the server reconnects to the client program and the 
information is transferred to the client. This usually implies that the server is located on site as opposed 
to the ASP (Application Server Provider) architecture. 

Clinical Care Provider: Personnel or entities directly related to providing clinical care to patient. 

Clinical Data Repository (CDR): A real-time database that consolidates data from a variety of clinical 
sources to present a unified view of a single patient. It is optimized to allow clinicians to retrieve data for 
a single patient rather than to identify a population of patients with common characteristics or to 
facilitate the management of a specific clinical department. 

Clinical Decision Support System (CDSS): A clinical decision support system (CDSS) is software designed 
to aid clinicians in decision making by matching individual patient characteristics to computerized 
knowledge bases for the purpose of generating patient-specific assessments or recommendations. 

Clinical Establishment:Clinical establishment means (1) a hospital, maternity home, nursing home, 
dispensary, clinic, sanatorium or an institution by whatever name called that offers services, facilities 
requiring diagnosis, treatment or care for illness, injury, deformity, abnormality or pregnancy in any 
recognised system of medicine established and administered or maintained by any person or body of 
persons, whether incorporated or not; or (2) a place established as an independent entity or part of an 
establishment referred to above, in connection with the diagnosis or treatment of diseases where 
pathological, bacteriological, genetic, radiological, chemical, biological investigations or other diagnostic 
or investigative services with the aid of laboratory or other medical equipment, are usually carried on, 
established and administered or maintained by any person or body of persons, whether incorporated or 
not. (Clinical Establishment Act - CEA 2010) 

Clinical Guidelines (Protocols): Clinical guidelines are recommendations based on the latest available 
evidence for the appropriate treatment and care of a patient's condition. 

Clinical Messaging: Communication of clinical information within the electronic medical record to other 
healthcare personnel. 
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Coded Data: Data are separated from personal identifiers through use of a code. As long as a link exists, 
data are considered indirectly identifiable and not anonymous or anonymized. 

Code Set: Any set of codes used to encode data elements, such as tables of terms, medical concepts, 
medical diagnostic codes, or medical procedure codes. This includes both the codes and their 
descriptions. 

Coding: A mechanism for identifying and defining physicians' and hospitals' services. Coding provides 
universal definition and recognition of diagnoses, procedures and level of care. Coders usually work in 
medical records departments and coding is a function of billing. Medicare fraud investigators look 
closely at the medical record documentation, which supports codes and looks for consistency. Lack of 
consistency of documentation can earmark a record as "up-coded" which is considered fraud. A national 
certification exists for coding professionals and many compliance programs are raising standards of 
quality for their coding procedures. 

Computer-Based Patient Record (CPR): A term for the process of replacing the traditional paper-based 
chart through automated electronic means; generally includes the collection of patient-specific 
information from various supplemental treatment systems, i.e., a day program and a personal care 
provider; its display in graphical format; and its storage for individual and aggregate purposes. CPR is 
also called "digital medical record" or "electronic medical record". 

Computerized Patient Record (CPR): Also known as an EMR or, when in context, EHR. A patient's past, 
present, and future clinical data stored in a server. 

Computerized Physician Order Entry (CPOE): A system for physicians to electronically order labs, 
imaging and prescriptions 

CPT (Current Procedural Terminology) Code: A recognizable five-digit number used to represent a 
service provided by a healthcare provider. It is a manual that assigns five digit codes to medical services 
and procedures to standardize claims processing and data analysis. The coding system for physicians' 
services developed by the CPT Editorial Panel of the American Medical Association. 

[D] 

Data Content: All the data elements and code sets inherent to a transaction, and not related to the 
format of the transaction. 

Data: This is factual information (as measurements or statistics) used as a basis for reasoning, 
discussion, or calculation. It additionally points to the information output by a sensing device or organ 
that includes both useful and irrelevant or redundant information and must be processed to be 
meaningful. 

Database Management System (DBMS): The separation of data from the computer application that 
allows entry or editing of data. 

DICOM (Digital Imaging and Communications in Medicine): Digital Imaging and Communications in 
Medicine (DICOM) is a standard to define the connectivity and communication between medical 
imaging devices. 
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Disease Management: A type of product or service now being offered by many large pharmaceutical 
companies to get them into broader healthcare services. Bundles use of prescription drugs with 
physician and allied professionals, linked to large databases created by the pharmaceutical companies, 
to treat people with specific diseases. The claim is that this type of service provides higher quality of 
care at more reasonable price than alternative, presumably more fragmented, care. The development of 
such products by hugely capitalized companies should be the entire indicator necessary to convince a 
provider of how the healthcare market is changing. Competition is coming from every direction—other 
providers of all types, payers, employers who are developing their own in-house service systems, the 
drug companies. 

Document Imaging: Is a process of converting paper documents into an electronic format usually 
through a scanning process. 

Document Management: The Document Manager allows the medical institution to store vital patient 
documents such as X-Ray's, Paper Reports, and Lab Reports etc. 

Documentation: The process of recording information. 

DOHAD:Developmental Origins of Health and Diseases 

Drug Formulary: Varying lists of prescription drugs approved by a given health plan for distribution to a 
covered person through specific pharmacies. Health plans often restrict or limit the type and number of 
medicines allowed for reimbursement by limiting the drug formulary list. The list of prescription drugs 
for which a particular employer or State Medicaid program will pay. Formularies are either "closed," 
including only certain drugs or "open," including all drugs. Both types of formularies typically impose a 
cost scale requiring consumers to pay more for certain brands or types of drugs. See also Formulary. 

Drug Formulary Database: This EMR feature is used for electronic prescribing, electronic medical record 
(EMR), and computerized physician order entry (CPOE) systems to present formulary status to the 
provider while during the prescribing decision. 

DSM: Diagnostic and Statistical Manual for Mental Diseases 

[E] 

EDI: Acronym for Electronic Data Interchange. Electronic communication between two parties, generally 
for the filing of electronic claims to payers. 

EDI Translator: Used in electronic claims and medical record transmissions, this is a software tool for 
accepting an EDI transmission and converting the data into another format, or for converting a non-EDI 
data file into an EDI format for transmission. See also Electronic Data Interchange. 

EHR/EMR System Designer, Developer, Manufacturer, Vendor, Supplier, Retailer, Re-seller: Any entity 
that is involved in the design, development, testing, manufacturing, supplying, selling including re-selling 
of Electronic Health Records or Electronic Medical Records Systems as a whole or part thereof. 

Electronic Data Interchange (EDI): The automated exchange of data and documents in a standardized 
format. In health care, some common uses of this technology include claims submission and payment, 
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eligibility, and referral authorization. This refers to the exchange of routine business transactions from 
one computer to another in a standard format, using standard communications protocols. 

Electronic Health Records (EHR): is a distributed personal health record in digital format. The EHR 
provides secure, real-time, patient-centric information to aid clinical decision-making by providing 
access to a patient's health information at the point of care. Patient health records including treatment 
history, medical test reports, and images stored in an electronic format that can be accessed by 
healthcare providers on a computer network 

Electronic Medical Records (EMR): A computer-based record containing health care information. This 
technology, when EMR fully developed, meets provider needs for real-time data access and evaluation 
in medical care. Together with clinical workstations and clinical data repository technologies, it provides 
the mechanism for longitudinal data storage and access. A motivation for healthcare entities to 
implement this technology derives from the need for medical outcome studies, more efficient care, 
speedier communication among providers and management of health plans. This record may contain 
some, but not necessarily all, of the information that is in an individual's paper-based medical record. 

Electronic protected health information (ePHI): Electronic protected health information (ePHI) is any 
protected health information (PHI) that is created, stored, transmitted, or received electronically. 
Electronic protected health information includes any medium used to store, transmit, or receive PHI 
electronically. The following and any future technologies used for accessing, transmitting, or receiving 
PHI electronically are covered. Media containing data at rest (data storage) like personal computers with 
internal hard drives used at work, home, or traveling, external portable hard drives, including iPods and 
similar devices, magnetic tape, removable storage devices, such as USB memory sticks, CDs, DVDs, and 
floppy disks, PDAs and smartphones and data in transit, via wireless, Ethernet, modem, DSL, or cable 
network connections, Email, File transfer. (For Protected Health Information - PHI, please see below) 

Encounter: A clinical encounter is defined by ASTM as "(1) an instance of direct provider/practitioner to 
patient interaction, regardless of the setting, between a patient and a practitioner vested with primary 
responsibility for diagnosing, evaluating or treating the patient's condition, or both, or providing social 
worker services. (2) A contact between a patient and a practitioner who has primary responsibility for 
assessing and treating the patient at a given contact, exercising independent judgment." Encounter 
serves as a focal point linking clinical, administrative and financial information. Encounters occur in 
many different settings — ambulatory care, inpatient care, emergency care, home health care, field and 
virtual (telemedicine), [http://www.ncvhs.hhs.gov/040127pl.htm] 

Episode: An episode of care consists of all clinically related services for one patient for a discrete 
diagnostic condition from the onset of symptoms until the treatment is complete 
[http://www.ncmedsoc.org/non_members/pai/PAI-FinalWorkbookforVideo.pdf] Thus, for every new 
problem or set of problems that a person visits his/her clinical care provider, it is considered a new 
episode. Within that episode the patient will have one to many encounters with his/her clinical care 
providers till the treatment for that episode is complete. Even before the resolution of an episode, the 
person may have a new episode that is considered as a distinctly separate event altogether. Thus, there 
may be none, one or several ongoing active episodes. All resolved episodes are considered inactive. 
Hence they become part of the patient's past history. A notable point here is that all chronic diseases 
are considered active and may never get resolved during the life-time of the person, e.g., diabetes 
mellitus, hypertension, etc. 
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EPR: Broadly defined, a personal health record is the documentation of any form of patient 
information-including medical history, medicines, allergies, visit history, or vaccinations-that patients 
themselves may view, carry, amend, annotate, or maintain. Today, when we refer to PHRs, we typically 
mean an online personal health record-which may variously be referred to as an ePHR, an Internet PHR, 
an Internet medical record, or a consumer Internet Medical Record (CIMR). Generally, such records are 
maintained in a secure and confidential environment, allowing only the individual, or people authorized 
by the individual, to access the medical information. Not all electronic PHRs are Internet PHRs. PC-based 
PHRs may be set up to capture medical information offline. 

Evidence Based Medicine: Evidence-based medicine (EBM) is the integration of best research evidence 
with clinical expertise to aid in the diagnosis and management of patients. 

[F] 

Family History: A list of the patient's family medical history including the chronic medical problems of 
parents, siblings, grandparents, etc. 

FHIR: Fast Health Interoperable Resources, the newest version from HL7 org for messaging. 

Formatting and Protocol Standards: Data exchange standards which are needed between CPR systems, 
as well as CPT and other provider systems, to ensure uniformity in methods for data collection, data 
storage and data presentation. Proactive providers are current in their knowledge of these standards 
and work to ensure their information systems conform to the standards. 

Formulary: An approved list of prescription drugs; a list of selected pharmaceuticals and their 
appropriate dosages felt to be the most useful and cost effective for patient care. Organizations often 
develop a formulary under the aegis of a pharmacy and therapeutics committee. In HMOs, physicians 
are often required to prescribe from the formulary. See also Drug Formulary. 

[G] 

Growth Chart: A feature for a Primary Care or EMR that can be used for paediatric patients. Age, height, 
weight, and head measurements can be entered over the patient's lifetime, and the feature creates a 
line graph. 

[H] 

Health Care Operations: Institutional activities that is necessary to maintain and monitor the operations 
of the institution. Examples include but are not limited to: conducting quality assessment and 
improvement activities; developing clinical guidelines; case management; reviewing the competence or 
qualifications of health care professionals; education and training of students, trainees and 
practitioners; fraud and abuse programs; business planning and management; and customer service. 
Under the HIPAA Privacy Rule, these are allowable uses and disclosures of identifiable information 
"without specific authorization." Research is not considered part of health care operations. 

Health Care, Healthcare: Care, services, and supplies related to the health of an individual. Health care 
includes preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, and 
counseling, among other services. Healthcare also includes the sale and dispensing of prescription drugs 
or devices. 
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Health Information: Information in any form (oral, written or otherwise) that relates to the past, present 
or future physical or mental health of an individual. That information could be created or received by a 
health care provider, a health plan, a public health authority, an employer, a life insurer, a school, a 
university or a health care clearinghouse. All health information is protected by state and federal 
confidentiality laws and by HIPAA privacy rules. 

Health Level Seven (HL7): A data interchange protocol for health care computer applications that 
simplifies the ability of different vendor-supplied IS systems to interconnect. Although not a software 
program in itself, HL7 requires that each healthcare software vendor program HL7 interfaces for its 
products. The organisation is one of the American National Standards Institute accredited Standard 
Developing Organization (SDO) - Health Level 7 domain is the standards for electronic interchange of 
clinical, financial and administrative info among healthcare oriented computer systems. Is a not-for- 
profit volunteer organization. It develops specifications, most widely used is the messaging standard 
that enables disparate health care applications to exchange key sets of clinical and administrative data. 
It promotes the use of standards within and among healthcare organizations to increase the 
effectiveness and efficiency of healthcare delivery. It is an international community of healthcare 
subject matter experts and information scientists collaborating to create standards for the exchange, 
management and integration of electronic healthcare information. 

Health: The state of complete physical, mental, and social well-being and not merely the absence of 
disease or infirmity. It is recognized, however, that health has many dimensions (anatomical, 
physiological, and mental) and is largely culturally defined. The relative importance of various disabilities 
will differ depending upon the cultural milieu and the role of the affected individual in that culture. Most 
attempts at measurement have been assessed in terms or morbidity and mortality. 

Healthcare provider: A health care provider is an individual or an institution that provides preventive, 
curative, promotional or rehabilitative health care services in a systematic way to individuals, families or 
communities. An individual health care provider may be a health care professional, an allied health 
professional, a community health worker, any or other person trained and knowledgeable in medicine, 
nursing or other allied health professions, or public/community health workers like , ASHA, ANM, 
midwives, paramedical staff, OT/lab/radio-diagnostic technicians, etc. An institution will include 
hospitals, clinics, primary care centres and other service delivery points of health care individual clinics, 
polyclinics, diagnostic centres, etc., i.e., any place where a medical record is generated during a patient- 
care provider encounter (in conformance to CEA 2010 - please refer to Clinical Establishment item 
above). It must be noted that any person solely performing non-clinical work is not a care provider. 

History of Present Illness (HPI): The HPI is the history of the patient's chief complaint. 

Human Subject: Refers to a living subject participating in research about whom directly or indirectly 
identifiable health information or data are obtained or created. 

Hybrid Record: Term used for when a provider uses a combination of paper and electronic medical 
records during the transition phase to EMR. 


Independent Software Vendor (ISV): A company specializing in making or selling software products that 
runs on one or more computer hardware or operating system platforms. 


169 


45 



File No. Q-11011/2/2016-eGov (Computer No. 3062309 ) 
Receipt No : 319054/2016/E-GOV 


Immunisation: A complete list of all immunizations that the patient has had. 

Informatics: The application of computer technology to the management of information. 

Integration: Integration allows for secure communication between enterprise applications. 

Interface: A means of communication between two computer systems, two software applications or 
two modules. Real time interface is a key element in healthcare information systems due to the need to 
access patient care information and financial information instantaneously and comprehensively. Such 
real time communication is the key to managing health care in a cost effective manner because it 
provides the necessary decision-making information for clinicians, providers, other stakeholders, etc. 

International Classification of Diseases: This is the universal coding method used to document the 
incidence of disease, injury, mortality and illness. A diagnosis and procedure classification system 
designed to facilitate collection of uniform and comparable health information. The ICD-9-CM was 
issued in 1979. This system is used to group patients into DRGs, prepare hospital and physician billings 
and prepare cost reports. Classification of disease by diagnosis codified into six-digit numbers. See also 
coding. 

International Classification of Traditional Medicine (ICTM): The World Health Organization, in 
consultation with a large group of stakeholders in the areas of Traditional Medicine or Complementary 
and Alternative Medicine and Health Information Systems, has developed a collaborative project plan to 
produce an international standard terminology and classification system for Traditional Medicine. The 
mission is to produce an international standard for information on TM that is ready for electronic health 
records and that will serve as a standard for scientific comparability and communication. With 
International Classification of Traditional Medicine, International Standard Terminologies of Traditional 
Medicine, and a web portal that links the TM classification and TM terminologies to the WHO-FIC as the 
listed deliverables. 

International Health Terminology Standards Development Organization (IHTSDO): Denmark-based 
organization that maintains and licenses SNOMED codes worldwide. 

Interoperability: The capability to provide successful communication between end-users across a mixed 
environment of different domains, networks, facilities and equipment. 

ISP: Internet Service Provider 

ISV (Independent Software Vendor):An independent software vendor (ISV) is a company specializing in 
making or selling software, designed for mass or niche markets. This typically applies for application- 
specific or embedded software, from other software producers. 

N] 

J-Codes: A subset of the HCPCS Level II code set with a high-order value of "J" that has been used to 
identify certain drugs and other items. 

[L] 
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LAN (Local Area Network): A LAN supplies networking capability to a group of computers in close 
proximity to each other such as in an office building, a school, or a home. 

Legacy System Integration: The integration of data between a legacy system and some other software 
program most commonly using HL-7 standards. 

Legacy Systems: Computer applications, both hardware and software, which have been inherited 
through previous acquisition and installation. Most often, these systems run business applications that 
are not integrated with each other. Newer systems which stress open design and distributed processing 
capacity are gradually replacing such systems. 

Length of Stay (LOS): The duration of an episode of care for a covered person. The number of days an 
individual stays in a hospital or inpatient facility. May also be reviewed as Average Length of Stay (ALOS). 

LEPR (Longitudinal Patient Record): Longitudinal Patient Record is an EHR that includes all healthcare 
information from all sources. 

Logical Observation Identifiers Names and Codes (LOINC®): The purpose of LOINC® is to facilitate the 
exchange and pooling of clinical results for clinical care, outcomes management, and research by 
providing a set of universal codes and names to identify laboratory and other clinical observations. The 
Regenstrief Institute Inc., an internationally renowned healthcare and informatics research organization, 
maintains the LOINC database and supporting documentation, and the RELMA mapping program. 

[M] 

Management Information System (MIS): The common term for the computer hardware and software 
that provides the support of managing the plan. 

Master Patient / Member Index: An index or file with a unique identifier for each patient or member 
that serves as a key to a patient's or member's health record. 

Maximum Defined Data Set: All of the required data elements for a particular standard based on a 
specific implementation specification. An entity creating a transaction is free to include whatever data 
any receiver might want or need. The recipient is free to ignore any portion of the data that is not 
needed to conduct their part of the associated business transaction, unless the inessential data is 
needed for coordination of benefits. 

MCI: Medical Council of India 

Medical Code Sets: Codes that characterize a medical condition or treatment. These code sets are 
usually maintained by professional societies and public health organizations. Compare to administrative 
code sets. 

Medical Informatics: Medical informatics is the systematic study, or science, of the identification, 
collection, storage, communication, retrieval, and analysis of data about medical care services to 
improve decisions made by physicians and managers of health care organizations. Medical informatics 
will be as important to physicians and medical managers as the rules of financial accounting are to 
auditors. 
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Medical Management Information System (MMIS): A data system that allows payers and purchasers to 
track health care expenditure and utilization patterns. It may also be referred to as Health Information 
System (HIS), Health Information Management (HIM) or Information System (IS). See also Electronic 
Medical Record (EMR). 

MIMS: Monthly Index of Medical Specialities 

Minimum Data Set: The minimum set of data elements that must be captured, stored, made 
available for retrieval, presentation, relay and sharing by an EHR system. It comprises of all of the 
essential data elements required for implementation. An entity creating a transaction must include the 
mandatory data elements at all times and is free to exclude optional data elements. The entity is free to 
additionally include whatever other data elements that any receiver might want or need. The recipient is 
free to ignore any portion of the data that is not mandatory and is further free to ignore any other 
portion of the data that is not needed to conduct their part of the associated transaction, unless 
required by sender, intermediaries or receiver. This minimum data set represents the most 
common data, and system designers are at liberty to add to it as they deem necessary to enrich or 
enhance their EHR systems. 

Modifier: Additional character of a code added to an existing code that is used to help in extending or 
localization of the existing code. 

[N] 

NANDA: North American Nursing Diagnosis Association 

National Council for Prescription Drug Programs: An ANSI-accredited group that maintains a number of 
standard formats for use by the retail pharmacy industry. 

Non-Participating Physician (or Provider): A provider, doctor or hospital that does not sign a contract to 
participate in a health plan, usually which requires reduced rates from the provider. In the Medicare 
Program, this refers to providers who are therefore not obligated to accept assignment on all Medicare 
claims. In commercial plans, non-participating providers are also called out of network providers or out 
of plan providers. If a beneficiary receives service from an out of network provider, the health plan 
(other than Medicare) will pay for the service at a reduced rate or will not pay at all. 

[O] 

Open Access: A term describing a member's ability to self-refer for specialty care. Open access 
arrangements allow a member to see a participating provider without a referral from another doctor. 
Health plan members' abilities, rights or invitation to self refer for specialty care. Also called Open Panel. 

openEHR:openEHR is an open standard specification in health informatics that describes the 
management and storage, retrieval and exchange of health data in electronic health records (EHRs). In 
openEHR, all health data for a person is stored in a "one lifetime", vendor-independent, person-centred 
EHR. Maintained by the openEHR Foundation, these are based on a combination of 15 years of 
European and Australian research and development into EHRs and new paradigms, including what has 
become known as the archetype methodology for specification of content and include information and 
service models for the EHR, demographics, clinical workflow and archetypes. They are designed to be 
the basis of a medico-legally sound, distributed, versioned EHR infrastructure. 
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OR: Operating Room - synonymous to OT as below 
OT: Operation Theatre 

OTC: Over the counter (drugs). Refers to those drugs that are available off the shelf without any 
prescription or advise from a registered medical practitioner 

Outcome: A clinical outcome is the "change in the health of an individual, group of people or population 
which is attributable to an intervention or series of interventions". (Taken from: Frommer, Michael; 
Rubin, George; Lyle, David (1992)."The NSW Health Outcomes program". New South Wales Public 
Health Bulletin 3: 135. doi:10.1071/NB92067) 

Outpatient Care: Care given a person who is not bedridden. It is also called ambulatory care. Many 
surgeries and treatments are now provided on an outpatient basis, while previously they had been 
considered reason for inpatient hospitalization. Some say this is the fastest growing segment of 
healthcare 

[P] 

Participating Physician: A primary care physician in practice in the payer's managed care service area 
who has entered into a contract. 

Past History: A list of a patient's past health problems, surgeries and specialists. 

Patient Demographics: All patient's pertinent information such as first and last name, SSN, DOB, 
insurance, etc. 

Patient Portal: A secure web-based system that allows a patient to register for an appointment, 
schedule an appointment, request prescription refills, send and receive secure patient-physician 
messages, view lab results, pay their bills electronically, access physician directories. 

Patient: A person who is under medical care or treatment 

PC Based: A program designed to run on an individual PC. This typically means data is not shared in real 
time among other PCs (users). 

PCP: Primary care physician who often acts as the primary gatekeeper in health plans. That is, often the 
PCP must approval referrals to specialists. Particularly in HMOs and some PPOs, all members must 
choose or are assigned a PCP. 

PHR: A personal health record or PHR is typically a health record that is initiated and maintained by an 
individual. An ideal PHR would provide a complete and accurate summary of the health and medical 
history of an individual by gathering data from many sources and making this information accessible 
online. 

Picture Archive Communication System (PACS): Used by radiology and diagnostic imaging organizations 
to electronically manage information and images 
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Practice Parameters, Practice Guidelines: Systematically developed statements to standardize care and 
to assist in practitioner and patient decisions about the appropriate health care for specific 
circumstances. Practice guidelines are usually developed through a process that combines scientific 
evidence of effectiveness with expert opinion. Practice guidelines are also referred to as clinical criteria, 
protocols, algorithms, review criteria, and guidelines. The American Medical Association defines practice 
parameters as strategies for patient management, developed to assist physicians in clinical decision¬ 
making. Practice parameters may also be referred to as practice options, practice guidelines, practice 
policies, or practice standards. 

Prescription Drug: Drug that the law says can only be obtained by prescription. 

Primary Care Physician: A "generalist" such as a family practitioner, pediatrician, internist, or 
obstetrician. In a managed care organization, a primary care physician is accountable for the total health 
services of enrollees including referrals, procedures and hospitalization. Also see Primary Care Provider. 

Primary Care Provider: The provider that serves as the initial interface between the member and the 
medical care system. The PCP is usually a physician, selected by the member upon enrollment, who is 
trained in one of the primary care specialties who treats and is responsible for coordinating the 
treatment of members assigned to his/her plan. 

Primary Care: Basic or general health care usually rendered by general practitioners, family 
practitioners, internists, obstetricians and pediatricians who are often referred to as primary care 
practitioners or PCPs. Professional and related services administered by an internist, family practitioner, 
obstetrician-gynecologist or pediatrician in an ambulatory setting, with referral to secondary care 
specialists, as necessary. 

Principal Diagnosis: The medical condition that is ultimately determined to have caused a patient's 
admission to the hospital. The principal diagnosis is used to assign every patient to a diagnosis related 
group. This diagnosis may differ from the admitting and major diagnoses. 

Privacy Standards: The Privacy standards restrict the use & disclosure of individually identifiable health 
information. Privacy standard applies to all protected health information may it is in physical or 
electronic form. 

Privacy: Privacy means an individual's interest in limiting who has access to personal health care 
information. Specific patient authorization is required for use and disclosure of clinical notes. As per 
Fernando & Dawson, 2009, privacy is control of access to private information avoiding certain kinds of 
embarrassment and can be shared or not shared with others; Only authorized (by the patient) people 
can view the recorded data or part thereof 

Progress Note: The documentation of a patient visit or encounter including all or part of the SOAP 
format. 

Protected health information (PHI): Any individually identifiable information whether oral or recorded 
in any form or medium that is created, or received by a health care provider, health plan or health care 
Healthcare provider and relates to past, present, or future physical or mental health conditions of an 
individual; the provision of health care to the individual; or past, present, or future payment for health 
care to an individual. 
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[R] 

Real Time: The instantaneous sharing of data among a user group. It is common to a client/server 
database configuration. 

Referral: Some insurance companies require that on specific plans a referral must be obtained for 
certain procedures or visits to specialists. The referral is acquired by the primary care physician (PCP) by 
contacting the insurance company by phone or mail. This is a request for the service. The referral 
consists of an authorization code, a number of visits allowed (if applicable) and an expiration date. 

Referring Provider: is the provider that referred the patient to a specialist or for a specific procedure. 

Relational Database: A database program that stores data in a manner similar to Excel, with the 
difference being the data elements are related (linked) to each other. 

Remote Access: Data travels through a private, protected passage via the Internet, allowing healthcare 
providers to access from home or another practice location and allows EMR vendor to perform system 
maintenance off-site 

Rendering/Performing Provider: The provider actually treating the patient. 

Roles and Access Levels:The role and access level of the user needs to be determined and set by the 
system administrator. The role determines the access level. While roles may be such as system 
administrator, medical doctor, registered nurse, medical student, medical assistant, nurse assistant, 
ancillary nurse, health worker, anganwadi worker, etc., the access levels may include viewing only, 
viewing/adding/editing only, viewing/adding/editing/deleting, all allowed etc. These need to be set out 
clearly in the SOP of the facility. 


ROS (Review of Systems): A series of questions related to the system(s) that the patient is having 
complaints about (i.e. respiratory for cold symptoms). 

RXNORM:RxNorm is the name of a US-specific terminology in medicine that contains all medications 
available on US market; it provides normalized names for clinical drugs and links its names to many of 
the drug vocabularies commonly used in pharmacy management and drug interaction software. 

[S] 

Secondary Care: Services provided by medical specialists who generally do not have first contact with 
patients (e.g., cardiologist, urologists, dermatologists). In the U.S., however, there has been a trend 
toward self-referral by patients for these services, rather than referral by primary care providers. This is 
quite different from the practice in England, for example, where all patients must first seek care from 
primary care providers and are then referred to secondary and/or tertiary providers, as needed. 

Security Standards: The Security Standards require measures to protect the confidentiality, integrity and 
availability of e-PHI while it's being stored & exchanged. The security standard applies to all electronic 
PHI. 
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Security: This refers to the methods and techniques adopted to protect privacy and are a defense 
mechanism from any attack (Hong et al., 2004) 

SNOMED: Systemized Nomenclature of Medicine Clinical Terms is the universal health care 
terminology. It is comprehensive and covers procedures, diseases, and clinical data. SNOMED CT helps 
to structure and computerize the medical record. It allows for a consistent way of indexing, storing, 
retrieving and aggregating clinical data across sites of care (i.e. hospitals, doctors offices) and specialties. 
By standardizing the terminology, the variability in the way data is captured, encoded and used for 
clinical care of patients and research is reduced. Allows for more accurate reporting of data. It is 
currently available in English, Spanish and German. 

Social History: A description of a patient's social habits and history including marital status, alcohol and 
drug use and exercise habits. 

Solo Practice, Solo Practitioner: A physician who practices alone or with others but does not pool 
income or expenses. This form of practice is becoming increasingly less common as physicians band 
together for contracting, overhead costs and risk sharing. 

SOP: Standard operating procedures or protocols 

SQL: Structured Query Language - is a computer language aimed to store, manipulate and retrieve data 
stored in relational databases. 

Subjective: Section in a progress note where a patient's account of their current problem is 
documented. Consists of chief complaint, HPI and ROS. 

Sx: Abbreviation for symptoms 

[T] 

Tl, T3 line: A high-speed internet connection provided via telephone lines often used by businesses 
needing internet connection speeds greater than DSL/Cable. 

Therapeutic Alternatives: Strong Drug products that provide the same pharmacological or chemical 
effect in equivalent doses. Also see Drug Formulary. 

TPA: Third Party Administrator 

Treatment Episode: The period of treatment between admission and discharge from a modality, e.g., 
inpatient, residential, partial hospitalization, and outpatient, or the period of time between the first 
procedure and last procedure on an outpatient basis for a given diagnosis. Many healthcare statistics 
and profiles use this unit as a base for comparisons. 

Treatment: The provision of health care by one or more health care providers. Treatment includes any 
consultation, referral or other exchanges of information to manage a patient's care. 

[V] 
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Vital Statistics: Statistics relating to births (natality), deaths (mortality), marriages, health, and disease 
(morbidity). Vital statistics for the United States are published by the National Center for Health 
Statistics. Vital statistics can be obtained from CDC, state health departments, county health 
departments and other agencies. An individual patient's vital statistics in a health care setting may also 
refer simply to blood pressure, temperature, height and weight, etc. 

VPN: Virtual Private Network - A VPN "tunnel" is a secure connection, typically firewall to firewall that 
provides for remote access to your data server. 

[X] 

XML (Extensible Markup Language): Used for defining data elements on a Web page and 
communication between two business systems. Example: Standard messaging system for and EMR to 
integrate with another software such as a practice management or drug formulary database. 
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11. FORMAT FOR MEDICAL RECORDS 

(As specified by Medical Council of India under regulation 3.1) 

Name of the patient: 

Age: 

Sex: 

Address: 

Occupation: 

Date of lst visit: 

Clinical note (summary) of the case: 

Provisional Diagnosis: 

Investigations advised with reports: 

Diagnosis after investigation: 

Advice: 

Follow up 
Observations: 

Date: 

Signature in full 


Name of Treating Physician 
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Recei pt.Na_: 

From: Baljit Singh Bedi <bsbedi11@gmail.com> 

Date: Fri, Jul 15, 2016 at 2:49 PM 

Subject: Updated revised EHR Standards document including consolidated analysed public comments 
To: Jitendra Arora <dir.ehealth@gmail.com> 

Cc: "Dr. S. B. Bhattacharyya" <sbbhattacharyya@gmail.com>, Gaur Sunder <gaurs@cdac.in>, Sunil Sharma JS 
<sunil.sharma62@gov.in>, Agarwal K B AS <asfnd.kb@gmail.com> 


Dear Shri Arora, 

Kindly recall our telecon today regarding holding of EHR Review Committee meeting 

Also refer to my sending the comprehensive consolidation of analysis of public comments on the draft revised updated 
document put up on MoH&FW Website assigned to undersigned,Dr.S.B. Bhattacharyya and Shri Gaur Sunder to 
MoH&FW and all Members of the Committee. 

As suggested in our telephonic conversation, I am attaching the draft Revised document incorporating the accepted 
comments and other related changes finalised by us.A PDF version is also attached which you may like to circulate 
along with the meeting notice to members 

Warm regards 

Baljit Bedi 

Baljit Singh Bedi 
Adviser,Health Informatics, 

& 

Member,National EMR Standardisation Committee, MoH&FW,Govt.of India & Chair, Task Group on 
Interoperabilty;Member, MoH&FW EHR Review Committee 
& 

Chair, FICCI India Health Information Network(IHIN) WG on EHR & Standards 

Past President,TSI 
& 

Ex. Sr.Director &Head, Medical Electronics &Telemedicine Div.,DeitY, 

MC&IT,Gov.of India 


2 attachments 

-1 EHR Standards for India - FINAL- July 2016.docx 

- J 81K 

EHR Standards for India - FINAL- July 2016.pdf 

J 1000K 
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Q-11011/2/2016-eGov 
Government of India / 

D/o Health and Family Welfare/ 

e-Governance Section / 

***** 

RrH W, Tf 
Rh i=b: 27 th July 2016 


Meeting Notice 


Subject: Meeting of EHR Review Committee on 

Nirman Bhawan, New Delhi. 


8 th August, 2016 at 3.00PM in 


Ministry of Health and Family Welfare notified Electronic Health Record (EHR) 
Standards in September 2013 to encourage standardization, integration and electronic 
information exchange amongst the various healthcare providers. 


2 The 4 th meeting of the EHR Review Committee under the Chairmanship of Shri Sunil Sharma 
joint Secretary (eGov), MoHFW has been scheduled to be held on 8th August, 2016 at 3.00 PM in 
Room No 249-A wing, Nirman Bhawan, New Delhi. 


3. All the addressees are 

per the above schedule. 


re 


quested to kindly make it convenient to attend the meeting as 


(Jitendra Arora) 
Director (e-Gov) 


To: 

1 . 

2 . 

3. 

4. 

5. 

6 . 

7. 

8 . 

9. 

10 . 

11 


Dr Supten Sarbadhikari, Project Director (NHP), NIHFW 

Mrs. Kavita Bhatia, Scientist E'^ elt .. 

Shri Jitendra Arora, Director (eGov), 0 
Dr. S B Bhattacharya, Head Health In or 
Dr B.S. Bedi, Advisor, CDAC, Delhi 
Shri. Gaur Sunder, CDAC, Pune 
Shri. Sunil Kumar Bhushan, NIC, Health 
Dr. Karanvir Singh, CIO, Apollo Hospitals 
Ms Shobha Mishra Ghosh, Senior Director, FICCI 

Dr Rajesh Narwal, Technical Director, Health System Regulations, WHO 
. Mr Amit Mishra, Senior Consultant, NHSRC 


12. PL (ePMU team), MoHFW 

Copy to: 

1. PPSto AS (KBA), MoHFW 

2. PPS to JS (eGov), MoHFW 
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Government of India 
Ministry of Health and Family Welfare 

eGovernance Section 

******* 


Subject: Minutes of the Fourth Meeting of the Electronic Health Record (EHR) 

Standards Review Committee held on 08 th August 2016. 

Fourth meeting of EHR review committee was held under the Chairmanship of 
Shri Sunil Sharma, Joint Secretary (eGov), MoHFW on 8 th August 2016 in room no. 
249-A wing, Nirman Bhawan, MoHFW. List of Participants is placed at Annexure I. 

2. Shri Jitendra Arora, Director (eGov.), MoHFW welcomed the participants and 
briefed regarding the agenda of the meeting. Thereafter he requested Shri B S Bedi to 
make presentation covering (a) an analysis of the comments received from public 
domain on the Draft EHR Standards, 2016 and (b) final recommendations for EHR 
Standards 2016. 

3. Shri BS Bedi made a detailed presentation on the final recommendations for 
EHR Standards 2016 outlined after appropriate incorporation of the comments received 
from public domain on the Draft Standards. Further he mentioned that the revised Draft 
Standards were circulated to the Committee Members and the recommendations had 
been agreed upon by them. A copy of the presentation is provided at Annexure II. 

4. After the presentation, JS(eGov) requested the participants to share their 
views/observations, if any. 

5. The comments from DeitY were discussed during the meeting as mentioned by 
the representative from DeitY. Shri Bedi highlighted that the final recommendations for 
Standards adequately addressed these comments. 
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6. Based on the detailed discussion/deliberation during the meeting following 
decisions were taken: 

• The EHR Standards 2016 recommended by the Committee may be notified. 

• Workshops on EHR Standards may organized at regional level especially 
focusing on individual practitioners and small scale healthcare service providers 
for adoption of standards by them. iNRC Team at CDAC Pune to work on this. 

• NIC Team at Agartala managing eHospital should be trained in SNOMED CT at 
the earliest. iNRC Team at CDAC Pune to work on this. 

• eGov. Division to hold meeting with CDSCO regarding building Drug Master 
Database. 

• eGov. Division to hold discussion(s) with government agencies like CGHS, 
ESIC etc. and private insurance sector to evaluate and work out mechanism for 
mandating compliance with EHR Standards in Health IT Systems. 

• Implementation of SNOMED CT in select Public Health IT Systems may be 
taken up so that data reporting and analytics could be improved in such IT 
Systems especially of large scale. For this purpose, Mother & Child Tracking 
System (MCTS) may be considered initially. CHI may prepare a detailed 
change management paper and action plan in this regard for discussion with 
NHM and NIC. 

• MDDS for Health may be finalized in alignment with the revised EHR Standards 
2016. 
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The meeting ended with vote of thank to the Chair and the participants. 
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Annexure I 

List of participants: 

1. Shri Sunil Sharma, Joint Secretary (eGov), MoHFW 

2. Shri Rajendra Pratap Gupta, Advisor to HFM, MoHFW 

3. Shri Jitendra Arora, Director (eGov), MoHFW 

4. Shri Gaur Sunder, PTO, CDAC- Pune 

5. Shri S. B. Bhattacharya, Head Health Informatics, TCS 

6. Dr. Karanvir Singh, CIO, Apollo Hospitals 

7. Shri B.S. Bedi, Advisor, CDAC, Delhi 

8. Shri Mayank, Scientist C, DeitY 

9. Shri Anirudh Sen, Deputy Director, FICCI 

10. Prof. S. N. Sarbadhikari, Project Director (CHI) 

11. Shri Amit Mishra, Senior Consultant, NHSRC 

12. Shri D.K Jain, Director, CDAC-Mohali 

13. Dr. Sanjay Sood, Head Health Informatics, CDAC-Mohali 
14.Shri Chandrasen, Project Lead (eGov), MoHFW 
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* Q-11011/2/2016-eGov 

Government of India / 

D/o Health and Family Welfare/ h i w x^f 

e-Governance Section / (f-xra^r 3nprnr) 

***** 

Rnh w, 

f^Tt^:01 st Sept, 2016 


OFFICE MEMORANDUM 


Subject: Minutes of the 4 th Meeting of the "Electronic Health Record (EHR) Standards" review 
committee held on 8 th August 2016 


The fourth meeting of EHR Standards Review Committee was held on 8 th August, 2016 at 
3.00 PM in Room No 249-A wing, Nirman Bhawan, New Delhi under the Chairmanship of Shri Sunil 
Sharma, JS (eGov). 

2. The Minutes of the said meeting are enclosed. 


(Jite'Hdra Arora) 
Director (eGov) 


1. Dr Supten Sarbadhikari, Project Director (NHP), NIHFW 

2. Mrs. Kavita Bhatia, Scientist 'E', DeitY 

3. Shri Jitendra Arora, Director (eGov), MoHFW 

4. Dr. S B Bhattacharya, Head Health Informatics, TCS 

5. Dr B.S. Bedi, Advisor, CDAC, Delhi 

6. Shri. Gaur Sunder, CDAC, Pune 

7. Shri. Sunil Kumar Bhushan, NIC, Health 

8. Dr. Karanvir Singh, CIO, Apollo Hospitals 

9. Ms Shobha Mishra Ghosh, Senior Director, FICCI 

10. Dr. Rajesh Narwal, Technical Director, Health System Regulations, WHO 

11. Mr Amit Mishra, Senior Consultant, NHSRC 

12. PL (ePMU team), MoHFW 
Copy to: 

1. PPS to AS (KBA), MoHFW 

2. PPS to JS (eGov), MoHFW 
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EXECUTIVE SUMMARY 


Executive Summary 

INTRODUCTION 

In September 2013 the Ministry of Health & Family Welfare (MoH&FW) notified the Electronic Health 
Record (EHR) Standards for India. The set of standards given therein were chosen from the best available and 
used standards applicable to Electronic Health Records from around the world keeping in view their 
suitability and applicability in India. The Committee constituted to recommend the standards drew from 
experts, practitioners, government officials, technologists, and industry. The notified standards were not only 
supported by professional bodies, regulatory bodies, stakeholders, but various technical and social 
commentators as well as being a step in the right direction. MoH&FW moved ahead with facilitating the 
adoption, as next steps, and in last two years the Ministry has made available standards like SNOMED CT free 
for use in country as well as appoint interim National Release Center (NRC) to handle this clinical 
terminology standard that is fast gaining widespread acceptance amongst the various healthcare IT 
stakeholder communities worldwide. 

At the time of notifying the standards in September 2013, it was understood that the standards themselves 
will continue to evolve over time. Consequently, it was accepted that this notification will require revision 
from time to time. This becomes all the more necessary as understanding of those standards, their 
implementation and the expectations from the healthcare systems improve. Hence, MoH&FW constituted an 
expert group to review the earlier notified set of standards based on the experience and eyes firmly on the 
future. The set of standards provided herein represents the recommendations of the Expert Committee 
arrived at after deliberating on the various aspects of standardizations in healthcare record systems. The 
Committee also carefully examined the provisions of open standards and the guidelines as per the norms 
suggested by DeitY, MCIT, Government of India and recommended the standards given later in the document. 

NEED FOR ELECTRONIC HEALTH RECORD 

For a health record of an individual to be clinically meaningful it needs to be from conception or birth, at the 
very least. As one progresses through one’s life, every record of every clinical encounter represents a health- 
related event in one’s life. Each of these records may be insignificant or significant depending on the current 
problems that the person is suffering from. Thus, it becomes imperative that these records be available, 
arranged and be clinically relevant to provide a summary of the various clinical events in the life of a person. 

An Electronic Health Record (EHR) is a collection of various medical records that get generated during any 
clinical encounter or events. With rise of self-care and homecare devices and systems, meaningful 
healthcare data get generated 24x7 and also have long-term clinical relevance. The purpose of collecting 
medical records, as much as possible, are manifold - better and evidence based care, increasingly accurate 
and faster diagnosis that translates into better treatment at lower costs of care, avoid repeating unnecessary 
investigations, robust analytics including predictive analytics to support personalized care, improved health 
policy decisions based on better understanding of the underlying issues, etc., all translating into improved 
personal and public health. 
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EXECUTIVE SUMMARY 


Without standards, a lifelong medical record is simply not possible, as different records from different 
sources spread across ~80+ years potentially needs to be brought meaningfully together. To achieve this, a 
set of pre-defined standards for information capture, storage, retrieval, exchange, and analytics that includes 
images, clinical codes and data is imperative. 

STRATEGIC HIGHLIGHTS 

This document provides a structured overview of the key EHR standards with respect to Indian healthcare 
system. For every aspect of data/information that is part of any healthcare record system has been 
addressed with a short guideline regarding implementation included. Various non-related recommendations 
from previous edition have been removed to better streamline the set of standards selected and achieve 
harmony among them. A detailed recommendation on the interoperability and standards, clinical informatics 
standards, data ownership, privacy and security aspects, and the various coding systems are given. The set of 
standards given in earlier edition has been updated with their latest versions as we move towards a better 
implementation. 

SCOPE 

This document provides a set of recommendations relevant to adoption of electronic health informatics 
standards in EHR/EMR and other similar clinical information systems. The scope is limited to identifying the 
standards, their intended purposes in such systems, and a short guideline for implementation approach. It is 
understood that with adoption of these standards properly, the data capture, storage, view, presentation, and 
transmission will be standardized to level that will achieve interoperability of both meaning and data 
contained in clinical records. This document does not cater to wider implementation scenarios such as of 
administrative, legal or regulatory nature. This document also does not cater to aspects of creation and 
operation of local, regional or national infrastructures, indexes, or repositories as they are dealt with by 
appropriate regulative/administrative body. 

LOOKING AHEAD 

This document is a continuation of its earlier version, but in many ways reflects our growing confidence in 
path correctly chosen earlier - set of international and proven standards focused towards syntactic and 
semantic interoperability. The idea that any person in India can go to any health service 
provider/practitioner, any diagnostic center or any pharmacy and yet be able to access and have fully 
integrated and always available health records in an electronic format is not only empowering but also vision 
for efficient 21 st century healthcare delivery. 

In conclusion, it must be reiterated that these standards cannot be considered either in isolation or as 
"etched in stone for all eternity”. These will need to undergo periodic review and update as necessary. Hence, 
this document must be a "living document". 
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STANDARDS AT A GLANCE 


Standards at a Glance 

This section is provided for quick reference. Details are provided in the subsequent sections. N.B., this is a 
tentative list only. 


s. 

No. 

Type 

Standard Name 

Intended Purpose 

1 

Identification & 
Demographics 

ISO/TS 22220:2011 Health Informatics - Identification 
of Subjects of Health Care 

Basic identity details of 
patient 

2 

MDDS - Demographic (Person Identification and Land 
Region Codification) version 1.1 

Complete demographic 
for interoperability 
with E-Governance 
systems 

3 

Patient 

Identifiers 

UIDAI Aadhaar 

Preferable identifier 
where available 

4 

Local Identifier 

Identifier given within 
institution / clinic / lab 

5 

Government Issued Photo Identity Card Number 

Identifier in 
conjunction with local 
in absence of Aadhaar 

6 

Architecture 

Requirements 

ISO 18308:2011 Health Informatics - Requirements for 
an Electronic Health Record Architecture 

System architectural 
requirements 

7 

Functional 

Requirements 

ISO/HL7 10781:2015 Health Informatics - HL7 

Electronic Health Records-System Functional Model 
Release 2 (EHR FM) 

System functional 
requirements 

8 

Reference 

Model and 
Composition 

ISO 13940 Health informatics - System of Concepts to 
Support Continuity of Care 

Concepts for care, 
actors, activities, 
processes, etc. 

9 

ISO 13606 Health informatics - Electronic Health 

Record Communication (Part 1 through 3) 

Information model 
architecture and 
communication 

10 

openEHR Foundation Models Release 1.0.2 

Structural definition 
and composition 

11 

Terminology 

SNOMED Clinical Terms (SNOMED CT) 

Primary terminology 

12 

Coding System 

Logical Observation Identifiers Names and Codes 
(LOINC) 

Test, measurement, 
observations 

13 

WHO Family of International Classifications (WHO- 
FIC) 

including ICD, ICF, ICHI, ICD-0 

Classification and 
reporting 
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STANDARDS AT A GLANCE 


s. 

No. 

Type 

Standard Name 

Intended Purpose 

14 

Imaging 

Digital Imaging and Communications in Medicine 
(DICOM] PS3.0-2015 

Image, waveform, 
audio/video 

15 

Scanned or 
Captured 

Records 

JPEG lossy (or lossless] with size and resolution not 
less than 1024pxx 768px at 300dpi 

Image capture format 

16 

ISO/IEC 14496 - Coding of Audio-Visual Objects 

Audio/Video capture 
format 

17 

ISO 19005-2 Document Management - Electronic 
Document File Format for Long-Term Preservation - 
Part 2: Use of ISO 32000-1 (PDF/A-2] 

Scanned documents 
format 

18 

Data Exchange 

ANSI/HL7 V2.8.2-2015 HL7 Standard Version 2.8.2 - 
An Application Protocol for Electronic Data Exchange 
in Healthcare Environments 

Event/Message 

exchange 

19 

ASTM/HL7 CCD Release 1 (basis standard ISO/HL7 
27932:2009] 

Summary Records 
exchange 

20 

ISO 13606-5:2010 Health informatics - Electronic 

Health Record Communication - Part 5: Interface 
Specification 

EHR archetypes 
exchange [Also, refer to 
openEHR Service 

Model specification] 

21 

DICOM PS3.0-2015 (using DIMSE services & Part-10 
media/files] 

Imaging/Waveform 

Exchange 

22 

Other Relevant 
Standards 

Bureau of Indian Standards and its MHD-17 Committee 

Standards 

Development 
Organizations (SDOs] 

23 

ISO TC 215 set of standards 

24 

IEEE/NEMA/CE standards for physical systems and 
interfaces 

25 

Discharge/ 

Treatment 

Summary 

Medical Council of India (MCI] under regulation 3.1 of 
Ethics 

Composition as 
prescribed 

26 

E-Prescription 

Pharmacy Practice Regulations, 2015 Notification No. 
14-148/ 2012- PCI as specified by Pharmacy Council of 
India 

Composition as 
prescribed 

27 

Personal 
Healthcare and 
medical Device 
Interface 

IEEE 11073 health informatics standards and related 

ISO standards for medical devices 

Device interfacing 

28 

Data Privacy 
and Security 

ISO/TS 14441:2013 Health Informatics - Security & 
Privacy Requirements of EHR Systems for Use in 
Conformity Assessment 

Basis security and 
privacy requirements 
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STANDARDS AT A GLANCE 


s. 

No. 

Type 

Standard Name 

Intended Purpose 

29 

Information 

Security 

Management 

1SO/DIS 27799 Health informatics - Information 

Security Management in Health using ISO/1EC 27002 

Overall information 
security management 

30 

Privilege 
Management 
and Access 
Control 

ISO 22600:2014 Health informatics - Privilege 
Management and Access Control (Part 1 through 3] 

Access control 

31 

Audit Trail and 
Logs 

ISO 27789:2013 Health informatics - Audit trails for 
Electronic Health Records 

Audit trail 

32 

Data Integrity 

Secure Hash Algorithm (SHA) used must be SHA-256 
or higher 

Data Hashing 

33 

Data Encryption 

Minimum 256-bits key length 

Encryption key 

34 

HTTPS, SSL v3.0, and TLS vl.2 

Encrypted connection 

35 

Digital 

Certificate 

ISO 17090 Health informatics - Public Key 

Infrastructure (Part 1 through 5} 

Digital certificates use 
and management 


Note: Where year of publication or version of standard (or its parts) is not provided explicitly, the latest 
published version of standard (or its parts) available from standard body as on the date of notification / 
circulation of this recommendation is to be used 


Page 5 



















File No. Q-11ff1lt/£iaGa6l-ftGbh/a;/G0lli€i3eiCtovNo. 3062309 ) 


192 


Issue No : 1/3045468/2016 


STANDARDS AT A GLANCE 


List of Supporting / Complimenting Standards 

The following list is indicative and representative and not comprehensive or definitive. These standards are 
advised to he used where applicable and as required 


S. No. 

Standard 

Description 

1 

ISO 12967:2009 

Health Informatics - Service Architecture (Parts 1 - 3) 

2 

ISO 13972:2015 

Health Informatics - Detailed Clinical Models, Characteristics and Processes 

3 

ISO 20301:2014 

Health Informatics - Health Cards - General Characteristics 

4 

ISO 21090:2011 

Health Informatics - Harmonized Data Types for Information Interchange 

5 

ISO 8601:2004 

Data elements and Interchange Formats - Information Interchange - 
Representation of Dates and Times 

6 

ISO 13119:2012 

Health Informatics - Clinical Knowledge Resources - Metadata 

7 

ISO 22857:2013 

Health Informatics - Guidelines on Data Protection to Facilitate Trans- 

Border Flows of Personal Health Data 

8 

ISO 21549-1:2013 

Health Informatics — Patient Healthcard Data — Part 1: General Structure 

9 

ISO TS 14265:2011 

Classification of Purposes for Processing Personal Health Information 

10 

ISO TS 27527:2010 

Health Informatics - Provider Identification 
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STANDARDS AND INTEROPERABILITY 


Standards and Interoperability 

INTEROPERABILITY STANDARDS 

The primary aim of interoperability standards is to ensure syntactic (structural) and semantic (inherent 
meaning) interoperability of data amongst systems at all times. The need for that cannot be overstated, 
more so within healthcare information systems whose primary aim is to deliver life-long clinical care at all 
times so that the person being cared for is able to maintain his/her health. 

The set of standards outlined in this document represents an incremental approach to adopting standards, 
implementation specifications; criteria to enhance the interoperability, functionality, utility, and security of 
health information technology; and to support its widespread adoption. It is to be kept in mind that these 
standards need to be flexible and modifiable to adapt to the demographic and resource variance observed in 
a country like India with its large population with diverse culture that is spread across a large region of 
varied geographical landscapes - hilly regions, river basins, desert, coast, etc. - many of which are remote 
and accessible with difficulty. 

It is important to recognize that interoperability and standardization can occur at many different levels. To 
achieve interoperability, information models would need to be harmonized into a consistent representation. 

In other cases, organizations may use the same information model, but use different vocabularies or code 
sets (for example, SNOMED CT or 1CD10) within those information models. To achieve interoperability at 
this level, standardizing vocabularies, or mapping between different vocabularies may be necessary. For 
some levels, (such as the network transport protocol), an industry standard that is widely used (e.g. TCP/IP - 
Transmission Control Protocol and Internet Protocol) will likely be the most appropriate. Ultimately, to 
achieve true interoperability, it is anticipated that multiple layers - network transportation protocols, data 
and services descriptions, information models, and vocabularies and code sets - will need to be standardized 
and/or harmonized to produce an inclusive, consistent representation of the interoperability requirements. 

It is further anticipated that using a harmonization process will integrate different representations of health 
care information into a consistent representation and maintain and update that consistent representation 
over time. For an information model, this process could include merging related concepts, adding new 
concepts, and mapping concepts from one representation of health care information to another. The need to 
support standardization of data and services descriptions and vocabularies and codes sets is appropriately 
addressed. 

It is also recognized that a sustainable and incremental approach to the adoption of standards will require 
processes for harmonizing both current and future standards. This will allow the incremental updating of the 
initial set of standards, implementation specifications, and certification criteria and provide a framework to 
maintain them. The decision to adopt such updates will be informed and guided by recommendations from 
an appropriate authority such as the proposed National effealth Authority (NeHA), Ministry of Health & 
Family Welfare or expert groups. 


Page 7 





File No. Q-11ff1lt/£iaGa6l-ftGbh/a;/G0lli€i3eiCtovNo. 3062309 ) 


194 


Issue No : 1/3045468/2016 


STANDARDS AND INTEROPERABILITY 


GOALS 

The goals of standards in electronic health record systems are: 

• Promote interoperability and where necessary be specific about certain content exchange and 
vocabulary standards to establish a path forward toward semantic interoperability 

• Support the evolution and timely maintenance of adopted standards 

• Promote technical innovation using adopted standards 

• Encourage participation and adoption by all vendors and stakeholders 

• Keep implementation costs as low as reasonably possible 

• Consider best practices, experiences, policies and frameworks 

• To the extent possible, adopt standards that are modular and not interdependent. 
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Health Record IT Standards 

IDENTIFICATION AND DEMOGRAPHIC INFORMATION OF PATIENT 
Demographic information including a unique identifier is necessary in a health record system in order to 
capture identifying information as well as identifiers for linking other medical artifacts logically as well as 
physically. All health record systems must therefore adhere to the following standards for capturing 
information related to patient demography and identifiers: 

1. ISO/TS 22220:2011 Health Informatics - Identification of Subjects of Health Care 

2. MDDS - Demographic (Person Identification and Land Region Codification) version 1.1 from E- 
Governance Standards, Government of India 

Implementation Guideline: Implemented must insure that health record application is able to capture all data 
fields as provided in the above two standards for completeness. It should also ensure that the system is able 
to interoperate (receive/import/send/export) all demographics information as provided in above two 
standards as per demand, i.e. when requested for demographics data in MDDS compliant format it should 
generate artefacts (file, message, etc.) as per that standard Where codes related to location, authority, type of 
organization etc. are required, they should be taken from the MDDS-Demographic Standard 

A health record system must have provision to include patient identifiers of following types: 

1. U1DAI Aadhaar Number (preferred where available) 

2. Both of following in case Aadhaar is not available: 

2.1 Local Identifier (as per scheme used by HSP) 

2.2 Any Central or State Government issued Photo Identity Card Number 
Implementation Guidelines: 

1. Implemented must ensure that the Aadhaar number, where that is available, be used as the preferred 
identifier to serve as the unique health identifier. In case the Aadhaar number is not available, the 
system should allow a user to insert more than one (minimum two) identifiers for each patient along 
with its scope and provider (as given in above mentioned patient demography standards) in the system. 
In situations where identity of patient cannot be obtained or ascertained, temporary identifiers may be 
used (as per scheme used by HSP) and later confirmed identifiers may be inserted (while making 
earlier ones as inactive). 

2. Identification of Patient across EHR systems : Due to lack of mandate for use of Aadhaar or any such 
alternative(s) national unique identifier, it is difficult to match patient records when exchanging them 
between two EHR systems. This may lead to situations where different combinations of local identifier 
and photo identity card numbers of the same person are used at different locations and/or in solutions. 
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Thus, a single person may get to have different identities under which his/her records are captured A 
conflict resolution process may be required to help resolve such cases. At this time, there is no direct 
solution available other than to use smart (possibly heuristic) algorithms to attempt to match records 
without or with intervention/confirmation of a human supervisor. Such an algorithm may use name 
(phonetic or spelling), address (full or parts), date of birth / age, gender, or other such matching details 
to mark incoming or searched records as possible or exact match before amalgamation or subsequent 
use. ISV may additionally need to provide the ability to merge/demerge patients to support this process 
within their solutions. 

ARCHITECTURE REQUIREMENTS AND FUNCTIONAL SPECIFICATIONS 

A health record system must meet architectural requirements and functional specifications to remain 
faithful to the needs of service delivery, be clinically valid and reliable, meet legal and ethical requirements, 
and support good medical practices. Therefore, a health record system must conform to the following 
standards: 

1. ISO 18308:2011 Health Informatics - Requirements for an Electronic Health Record Architecture 

2. ISO/HL7 10781:2015 Health Informatics - HL7 Electronic Health Records-System Functional Model 
Release 2 (EHR FM) 

Implementation Guideline: Above two standards, despite being extensive, are not full set of specifications and 
requirements to be met by a health record system or its many variants (PHR, etc.) or all possible use cases. 
The above mentioned standards are to be used as minimum set to be used within the scope of 
implementation as per relevance to the system being developed / deployed 

LOGICAL INFORMATION REFERENCE MODEL AND STRUCTURAL COMPOSITION 
A health record system must accumulate observable data and information for all clinically relevant events 
and encounters. For this purpose, it is important to have common semantic and syntactic logical information 
model and structural composition for captured artefacts. Unless the data being captured is standardized, its 
communication and understanding may not be same across systems. Therefore, a health record system 
must conform to the following standards: 

1. ISO 13940 Health Informatics - System of Concepts to Support Continuity of Care 

2. ISO 13606 Health Informatics - Electronic Health Record Communication (Part 1 though3) 

3. openEHR Foundation Models Release 1.0.2 

3.1 Required Model Specifications: Base Model, Reference Model, Archetype Model 

3.2 Optional Model Specifications: Service Model, Querying, Clinical Decision Support 

Implementation Guideline: The ISO 13940 (also known as CEN ContSys) is to be generally used for purpose 
of modelling and describing concept system and organize information objects. While ISO 13606 set of 
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standards are basic reference model and related specifications, openEHR provides ISO 18308 conformant 
platform-independent implementation harmonized with ISO 13606 standard. Implemented are free to 
design internal structures, databases, and user interfaces as per the requirements and technology platforms 
but structural composition for clinical data/information artefact must be logically similar to Reference Model 
given in above standards. openEHR Operational Templates (OPT] adopted by an implementation, are to be 
public and free in required format for other implemented to ensure interoperability among them. 

MEDICAL TERMINOLOGY AND CODING STANDARDS 

In order to have semantic interoperability between different health record systems, it is necessary to follow 
a common terminology and coding system standards to express unambiguous meaning of data captured, 
stored, transmitted, and analyzed. It is also important to have these terminologies and codes in computer 
process-able format to aid automation and ensure that data is in an analyzable state at all times. Therefore, a 
health record system must conform to the following standards: 

1. Primary Terminology: 1HTSDO - SNOMED Clinical Terms (SNOMED CT] 

Implementation Guideline: A health record system must use SNOMED CT as the primary internal encoding 
system for all clinically relevant, including dental, nursing, substance/drugs, information. IHTSDO SNOMED 
CT code shall also be used while communicating clinical information to other health record systems. 
SNOMED CT concept codes (as pre-coordinated or as post-coordinated expressions] are to be used for all 
hierarchies covered under the standard unless otherwise provided in this document. It shall also be the 
coding system that must be used internally in other information storage and communication standards such 
as openEHR archetypes, HL7, DICOM, etc. IHTSDO releases SNOMED CT twice annually. 

2. Test, Measurement and Observation Codes: Regenstrief Institute - Logical Observation Identifiers 
Names and Codes (LOINC] 

Implementation Guideline: LOINC coding is to be used for processing results and reports with Laboratory 
and Imaging Information Systems. N.B.: SNOMED CT to LOINC coding interchange map is available from 
IHTSDO and Regenstrief Institute. 

3. Classification Codes: WHO Family of International Classifications (WHO-FIC] 

3.1 WHO ICD-10: International Classification of Diseases (ICD] and its derivative classifications 

3.2 WHO ICF: International Classification of Functioning, Disability and Health (ICF] 

3.3 International Classification of Health Interventions (ICHI] 

3.4 International Classification of Diseases for Oncology (ICD-O] 

Implementation Guideline: WHO FIC codes are primarily used for aggregated information and 
statistical/epidemiological analysis for public health purposes derived from health records that contain 
patient care related information as well as information that is crucial for management, health financing and 
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general health system administration. While SNOMED CT is to be used by health record systems for 
terminology, generated classification-based reports may require the use of WHO F1C codes. Classification 
based reporting, for statistical or regulatory purposes, may continue to use WHO FIC codes as mandated by 
the health regulatory, intelligence, and various research bodies. N.B.: SNOMED CT to ICD-10 coding 
interchange map is available from IHTSDO and WHO. 

DATA STANDARDS FOR IMAGE, MULTIMEDIA, WAVEFORM, DOCUMENT 
A health record system stores data records and files of various types in support of clinical functions. These 
data elements serve the purpose of documentary records of various diagnostic and prescriptive data or 
information generated Therefore, a health record system must conform to the following standards for such 
data: 

1. NEMA Digital Imaging and Communications in Medicine (DICOM) PS3.0-2015 

Implementation Guideline: NEMA DICOM PS3.0-2015 is a comprehensive standard for handling and 
managing image (series or single), waveforms (such as those in ECG/EEG), audio (such as those in digital- 
stethoscope) and video (such as those in endoscope, ultrasound) data in medicine. A health record 
implementation is required to implement relevant DICOM Information Object Definitions (IODs) for 
supported data types in Part-10 compliant files. Where required and relevant, other features of standard 
such as services, display, print, and workflow may be implemented 

2. Scanned or Captured Records: 

2.1 Image: JPEG lossy (or lossless) with size and resolution not less than 1024pxx 768px at 300dpi 

2.2 Audio/Video: 1SO/1EC 14496 - Coding of Audio-Visual Objects 

2.3 Scanned Documents: ISO 19005-2 Document Management - Electronic Document File Format for 

Long-Term Preservation - Part 2: Use of ISO 32000-1 (PDF/A-2) (ref: Best Practices and 
Guidelines for Production of Preservable e-Records Verl.O from DeitY, Ministry of Comm. & IT, 
Govt, of India) 

Implementation Guideline: The above mentioned standards are to be used for documentary data (scan for 
prescription, summaries, etc.) and data captured through traditionally non-DICOM compliant sources like 
picto-micrographs, pathological photographs, photographs of intramural and extramural lesions, etc. All 
data formats that can be converted into relevant DICOM format should be, as relevant, converted and 
communicated as secondary captured DICOM format. It may be noted that while no maximum image 
resolution has been prescribed, a sufficiently acceptable limit may be used to avoid unnecessarily large file 
that do not aid in correspondingly better diagnosis or analysis. 
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DATA EXCHANGE STANDARDS 

A health record system has to operate in a larger ecosystem of other components with which it must share 
or communicate data in order to capture and provide as comprehensible medical information as is practical. 
A health record system must therefore conform to the following standards: 

1. Event/Message Exchange: ANSI/HL7 V2.8.2-2015 HL7 Standard Version 2.8.2 - An Application Protocol 
for Electronic Data Exchange in Healthcare Environments 

2. Summary Records Exchange: ASTM/HL7 CCD Release 1 (basis standard ISO/HL7 27932:2009) 

3. EHR Archetypes: ISO 13606-5:2010 Health informatics - Electronic Health Record Communication - 
Part 5: Interface Specification [Also, refer to openEHR Service Model specification] 

4. Imaging/Waveform Exchange: NEMA DICOM PS3.0-2015 (using DIMSE services& Part-10 media/files) 

Implementation Guideline: Implementation of exchange standards is expected to be at least for the scope of 
data captured or retained by the health record system. To explain further, full implementation of ANS1/HL7 
V2.8.2 for each event and message is not required in health record systems but minimum implementation 
supporting the types of events and messages relevant to the system is required Similarly, 
implementation/support of DICOM DIMSE C-Store and/or C-F1ND/C-GET service is expected for lODs 
supported by health record system whereas implementation of WADO could be optional. 

OTHER STANDARDS RELEVANT TO HEALTHCARE SYSTEMS 

Healthcare record systems need to co-exist within a larger ecosystem with various other systems. It is 
important for all systems within a healthcare setup to adhere to relevant standards. While standards related 
to such systems are not within the scope of this document, as a general rule, standards created or ratified by 
following Standard Development Organizations (SDOs) should be used: 

1. Bureau of Indian Standards and its MHD-17 Committee 

2. ISO TC 215 set of standards 

3. IEEE/NEMA/CE standards for physical systems and interfaces 


Implementation Guideline: To help the implementers, an indicative list of such standards is provided in the 
"Standards at a Glance” section above. BIS approved standards shall be preferred for implementation. 

DISCHARGE/TREATMENT SUMMARY FORMAT 

Implementers must ensure that the logical information model includes data elements to satisfy requirements 
of the format for Medical Records as specified by Appendix-3 of Medical Council of India (MCI) Code of 
Ethics Regulation 2002 (amended up to Feb-2016). The printed reports should meet MCI prescribed format 
whenever any discharge or treatment summary is prepared 
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E-PRESCRIPTION 

Pharmacy Council of India (PCI) has, in its recent regulation (Pharmacy Practice Regulations, 2015 
Notification No. 14-148/ 2012- PCI), provided the definition of the term under Section 2(j) that the term 
‘Prescription’ includes the term 'electronic direction’. Implementers must therefore ensure that the logical 
information model includes data elements to satisfy requirements of the format for Medical Prescription as 
specified by the Pharmacy Council of India. The printed prescription will need to be in the PCI prescribed 
format whenever any medical prescription meant for drug dispensing is prepared. For the purpose of e- 
Prescription, implementers must ensure that the electronic version is digitally signed by a registered 
medical practitioner, and its non-repudiation is ensured at all times. The pharmacists shall be able to print a 
copy of e-Prescription in the required format along with other relevant digital authentication details. 

PERSONAL HEALTHCARE AND MEDICAL DEVICES INTERFACING 
Where not covered under relevant data exchange standards, it is recommended that IEEE 11073 health 
informatics standards and related ISO standards for medical devices be followed as appropriate whenever 
any personal healthcare/medical device is interfaced with the EMR system for the purpose of clinical data 
exchange, retrieval, storage, etc. 

PRINCIPLES OF DATA CHANGE 

The data once entered into a health record system must become immutable. The healthcare provider may 
have the option to re-insert/append any record in relation to the medical care of the patient as necessary 
with a complete audit trail of such change maintained by system. Alteration of the previously saved data 
should not be permitted. No update or update like command shall be accessible to user or administrator to 
store a medical record or part thereof. Any record requiring revision should create a new medical record 
containing the changed/appended/modified data of earlier record This record shall then be stored and 
marked as ACTIVE while rendering the previous version(s) of the same record marked INACTIVE. The data 
will thus be immutable. A strict audit trail shall be maintained of all activities at all times that may be 
suitably reviewed by an appropriate authority like auditor, legal representatives of the patient, the patient, 
healthcare provider, privacy officer, court appointed/authorized person, etc. 

As-Is Principal: 

The data captured through the devices is usually in a certain format whereas the data given by the doctor as 
file may be in some different format. These data provided / included in the system is to be treated as 
sacrosanct. The As-ls Principal requires that the data captured in the first instance should be retrievable at 
any given point of time later in the same format, clarity, size and detail as it was provided in the beginning. 

It effectively means that the system is not allowed to make any changes either to the data or its format or its 
nature at any point other than the creation time for any reason. However, if it is required that the data needs 
to be altered either to carry some additional information at some later point, like annotation on images, or 
correction of errors of omission or commission, etc., it must be done on a copy of the original data, keeping 
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the original data intact, and marking the updated version as active while marking the previous version 
inactive. The modified data will become part of the EHR/EMR. 

Informed Format Change: 

Whenever, the data, its format or its nature needs to be changed within the system, it must be done with the 
explicit consent of the doctor / technician / person that is entering or managing the data. This explicit 
consent can also be taken from a set of preferences already set by the user or the administrator / root of the 
system. In such preference based consent, there is no need to prompt the user for permission at each 
insertion point. 

Also, in case the system is set to change format or nature of data automatically by setting of preferences, it 
must be made sure that the rule of conversion is declared in the Standard Operating Procedure (SOP) of 
site/application. 
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Guidelines 

HARDWARE 

• The IT hardware used should meet (and preferably be better than) the optimal requirements specified 
by the software (to be) used 

• The medical and IT hardware used must meet the relevant applicable specifications from BIS, NEMA, 
IEEE, ISO, CE, RoHS, EnergyStar, apart from Medical and IT standards for the equipment. 

• A backup or data preservation mechanism should be considered Data capacity should be planned to 
meet the storage requirement as per the mandated rule/law. 

• System redundancy at various levels (disk, power, network, etc.) should be planned to meet the 
organizational system availability requirement. 

• Network and data security should be planned, implemented, and periodically audited Please see section 
on Security and Privacy for the various requirements and functions that need to be supported and 
implemented 

• Hardware should be checked periodically for correctness and completeness of operation expected from 
them. An appropriate maintenance cycle should be planned and rigorously followed 

• Planned and expected Capacity and Quality requirement of the organization should be met by the 
hardware used Periodic updates and upgrades should be carried out to meet the requirements. 

NETWORKING AND CONNECTIVITY 

• Should be able to harness any telecommunications-related connectivity like the Internet, LAN, WAN, 
WAP, CDMA, GSM or even Cloud Computing that will permit the various EMRs of an individual to be 
integrated into a single lifelong electronic health record 

• As far as is practical and affordable, the connectivity medium chosen should be reliable and fast enough 
to sustain a secure data exchange for the period expected for transaction of records and data. The speed 
of the connectivity medium should be chosen from among available options so as to provide an 
acceptable user experience and not cause software/system fault due to delays/noise/failure. 

• Should be able to ensure that data exchange is performed in a secure manner to ensure data validity and 
non-repudiability 

• The data exchange must further ensure that data integrity is maintained at all times 

SOFTWARE STANDARDS 

The software for capturing, storing, retrieving, viewing, and analyzing healthcare records should: 

• Conform to the specified standards 

• Satisfy specified requirements 

• Be Interoperable, especially in terms of syntax and semantics of the information being exchanged 
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• Should be able to ensure user authentication and authorization 

• Should be able to support privacy, secrecy and audit trail 

• Possess advanced search, merge, and demerge functionality to ensure that duplicates are robustly 
resolved 

• Should be able to support conception-to-current/most recent medical records of a person (as relevant 
to scope of application) 

• Should be able to support digital archiving and retrieval of medical records after the death of a person 
for the total duration as specified by Government of India from time to time 

• Should be able to construct a medical/clinical summary based on available records from the very first 
visit to current/most recent 

• Preferably be able to support rapid data capture-storage-retrieval-display of data 

HEALTH RECORD IN MOBILE DEVICES 

As people become more mobile and travel becomes more accessible, patients will increasingly expect the 
healthcare record system to provide essential health information over mobile devices, which will give their 
treating clinician basic information like, medical condition, drug/allergy information etc. Demographics, 
insurance info, medications, allergy and alerts, and vital signs are some of the records that are recommended 
to be provided in at least read-only manner and to the extent relevant for emergency care and quick 
reference. It is also possible that certain clinical (BP, temperature, glucose count) and lifestyle (steps walked, 
distance run, sleep duration and quality) related information will additionally be provided by the patient 
thereby providing vital clues and information on the overall wellbeing of patient. 

In the specific regard of design and usability of such applications, "Framework for Mobile Governance 2012” 
of DeitY, Ministry of Communication & Information Technology, Government of India shall be applicable. 
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Data Ownership of Health Records 

THE ETHICAL, LEGAL, SOCIAL ISSUES (ELSI) GUIDELINES 

For the purposes of these recommendations, the term "privacy" shall mean that only those person or 
person(s] including organizations duly authorized by the patient may view the recorded data or part thereof. 
The term "security” shall mean that all recorded personally identifiable data will at all times be protected 
from any unauthorized access, particularly during transport (e.g. from healthcare provider to provider, 
healthcare provider to patient, etc.]. The term "trust" shall mean that person, persons or organizations 
(doctors, hospitals, and patients] are those who they claim they are. 

The following approaches are to be adopted wherever applicable to address the aspects that the terms 
mentioned above refer to: 

• Privacy would refer to authorization by the owner of the data (the patient] 

• Security would have as components both public and private key encryption; the encryption techniques 
used in transit and at rest need to be through different methodologies. 

• Trust would be accepted whenever a trusted third party confirms identity 

PROTECTED HEALTH INFORMATION 

Protected Health Information (PHI] would refer to any individually identifiable information whether oral or 
recorded in any form or medium that (1] is created, or received by a stakeholder; and (2] relates to past, 
present, or future physical or mental health conditions of an individual; the provision of health care to the 
individual; or past, present, or future payment for health care to an individual 

Electronic Protected Health Information (ePHI] would refer to any protected health information (PHI] that 
is created, stored, transmitted, or received electronically. Electronic protected health information includes any 
medium used to store, transmit, or receive PHI electronically. 

As per the Information Technology Act 2000, Data Privacy Rules, refers to ‘sensitive personal data or 
information’ (SP1] as the subject of protection, but also refers, with respect to certain obligations, to 
'personal information’ (PI], Sensitive personal information is defined as a subset of personal 
information. Followings are Sensitive personal information that relates to: 

1. Passwords 

2. Financial information such as bank account or credit card or debit card or other payment instrument 
details 

3. Physical, psychological and mental health condition 

4. Sexual orientation 

5. Medical records and history 

6. Biometric information 
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7. Any detail relating to (1) - [6] above received by the body corporate for provision of services 

8. Any information relating to (1) - (7) that is received stored or processed by the body corporate under a 
lawful contract or otherwise 

DATA OWNERSHIP 

• The physical or electronic records, which are generated by the healthcare provider, are held in trust by 
them on behalf of the patient 

• The contained data in record which are the protected health information of the patient is owned by the 
patient herself. 

• The medium of storage or transmission of such electronic medical record will be owned by the 
healthcare provider. 

• The "sensitive personal information (SPI) and personal information (PI)” of the patient is owned by the 
patient herself. Refer to IT Act 2000 for the definition of SPI and PI. 

DATA ACCESS AND CONFIDENTIALITY 

• Regulations are to be enforced to ensure confidentiality of the recorded patient/medical data and the 
patient should have a control over this. 

• Patients will have the sufficient privileges to inspect and view their medical records without any time 
limit. Patient’s privileges to amend data shall be limited to correction of errors in the recorded 
patient/medical details. This shall need to be performed through a recorded request made to the 
healthcare provider within a period of 30 days from the date of discharge in all inpatient care settings or 
30 days from the date of clinical encounter in outpatient care settings. An audit of all such changes shall 
be strictly maintained Both the request and audit trail records shall be maintained within the system. 

• Patients will have the privileges to restrict access to and disclosure of individually identifiable health 
information and need to provide explicit consent, which will be audited, to allow access and/or 
disclosures. 

• All recorded data will be available to care providers on an 'as required on demand’ basis 

DISCLOSURE OF PROTECTED / SENSITIVE INFORMATION 

• For use in treatment, payments and other healthcare operations: In all such cases, a general consent 
must be taken from the patient or next of kin, etc. as defined by applicable laws by MCI. 

• Fair use for non-routine and most non-health care purposes: A specific consent must be taken from the 
patient; format as defined by MCI. 

• For certain specified national priority activities, including notifiable/communicable diseases, the health 
information may be disclosed to appropriate authority as mandated by law without the patient's prior 
authorization 

• Instances where use and disclosure without individual authorization will be possible are as follows: 

• Complete record with all identifiers in an "as-is” state, on production of court order 
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• Totally anonymized data, where the anonymization process involves the complete removal of all 
information that allows the identification of the patient. (List of such personally identifiable information 
is provided below) 

RESPONSIBILITIES OF A HEALTHCARE PROVIDER 

• Protect and secure the stored health information, as per the guidelines specified in this document 
While providing patient information, remove patient identifying information (as provided in the list 
below), if it is not necessary to be provided 

• Will ensure that there are appropriate means of informing the patient of policies relating to her/his 
rights to health record privacy 

• Document all its privacy policies and ensure that they are implemented and followed This will include: 

• Develop internal privacy policies 

• Ensure implementation of privacy policies, audit and quality assurance 

• Provide privacy training to all its staff 

PRIVILEGES OF PATIENT OR PERSONAL REPRESENTATIVE 

Patient will have the privilege to carry out the activities detailed below, personally, or through appointed 
representative. 

• Patients can demand from a healthcare provider for a copy of its medical records held by that healthcare 
provider, which should be provided within 30 days of receipt of communication of request. 

• Patients can demand from a healthcare provider that stores/maintains his/her medical records, to 
withhold temporarily or permanently, specific information that he/she does not want disclosed to other 
organizations or individuals. 

• Patient can demand information from a healthcare provider on the details of disclosures performed on 
the patient’s medical records for any reason whatsoever. When demanded following details are to be 
provided for each instance of disclosure: 

• Date of the disclosure 

• Name and address of the entity or person who received the information 

• Brief description of the medical information disclosed 

• Brief summary of the purpose of the disclosure 

DENIAL OF INFORMATION 

Healthcare provider will be able to deny information to a patient or representative or third party, in 
contravention of normal regulations, if in the opinion of a licensed healthcare professional the release of 
information would endanger the life or safety of the patients and others. This will include but not be limited 
to as follows: 
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• Information obtained from an anonymous source under a promise of confidentiality. 

• Psychotherapy notes. 

• Information compiled for civil, criminal or administrative action. 

ELECTRONIC MEDICAL RECORDS PRESERVATION 

Preservation of medical records assume significant importance in view of the fact that an electronic health 
record of a person is an aggregation of all electronic medical records of the person from the very first entry 
till date. Hence, all records must compulsorily be preserved and not destroyed during the life-time of the 
person, ever. 

Upon the demise of the patient where there are no court cases pending, the records can be removed from 
active status and turned to inactive status. HSPs are free to decide when to make a record inactive, however, 
it is preferable to follow the "three (3) year rule” where all records of a deceased are made inactive three (3) 
years after death. 

It is however preferred and HSPs are strongly encouraged to ensure that the records are never be destroyed 
or removed permanently. The health of the blood relatives and natural descendants of the person can be 
strongly influenced by the health of the person and on-demand access to these may prove to be hugely 
useful in the maintenance of the health of the relations. 

Furthermore, analysis of health data of all persons is expected to greatly benefit in the understanding of 
health, disease processes and the amelioration thereof. 

With rapid decline in costs of data archiving coupled with the ability to store increasing amounts of data that 
may be readily accessible, continued maintenance of such data is not expected to lead to any major impact 
on the overall system maintenance and use. 

PATIENT IDENTIFYING INFORMATION 

Data are "individually identifiable" if they include any of the under mentioned identifiers for an individual or 
for the individual's employer or family member, or if the provider or researcher is aware that the 
information could be used, either alone or in combination with other information, to identify an individual 
These identifiers are as follows: 

• Name 

• Address (all geographic subdivisions smaller than street address, and PIN code) 

• All elements (except years) of dates related to an individual (including date of birth, date of death, etc.) 

• Telephone, cell (mobile) phone and/or Fax numbers 

• Email address 

• Bank Account and/or Credit Card Number 

• Medical record number 

• Health plan beneficiary number 
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• Certificate/license number 

• Any vehicle or other any other device identifier or serial numbers 

• PAN number 

• Passport number 

• AADHAAR card 

• Voter ID card 

• Fingerprints/Biometrics 

• Voice recordings that are non-clinical in nature 

• Photographic images and that possibly can individually identify the person 

• Any other unique identifying number, characteristic, or code 

APPLICABLE LEGISLATION 

The existing Indian laws including IT Act 2000 and their amendments from time to time would prevail. 
f http://deity.gov.in/content/information-technology-act-2000 1. 
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Data Privacy and Security 

SECURITY OF ELECTRONIC HEALTH INFORMATION: 

The Privacy Standards and the Security Standards are necessarily linked. Any health record system requires 
safeguards to ensure that the data is available when needed and that information is not used, disclosed, 
accessed, altered, or deleted inappropriately while being stored or retrieved or transmitted The Security 
Standards work together with the Privacy Standards to establish appropriate controls and protections. Health 
sector entities that are required to comply with the Privacy Standards also must comply with the Security 
Standards. 

Organizations must consider several factors when adopting security measures. How a healthcare provider 
satisfies the security requirements and which technology it decides to use are business decisions left to the 
individual organizations. In deciding what security measures to adopt, an organization must consider its size, 
complexity, and capabilities; it’s technical infrastructure, hardware, and software security capabilities; the 
cost of particular security measures; and the probability and degree of the potential risks to the ePHl it 
stores, retrieves and transmits. 

PURPOSE OF THE SECURITY STANDARDS 

The security standards require healthcare providers to implement reasonable and appropriate 
administrative, physical, and technical safeguards to: 

• ensure the confidentiality, integrity, and availability of all the e-PHl they create, transmit, receive, or 
maintain 

• protect against reasonably anticipated threats or hazards to the security or integrity of their e-PHl 

• protect against uses or disclosures of the e-PHI that are not required or permitted under the Privacy 
Standards 

• ensure their workforce will comply with their security policies and procedures 

SECURUTY TECHNICAL STANDARDS 

To protect the ePHI handles by a healthcare provider, the provider must implement technical safeguards as 
part of its security plan. Technical safeguards refer to using technology to protect ePHI by controlling access 
to it. Therefore, they must address the following standards focusing on the following functionalities. It is 
worth noting that they will need to use an EHR/EMR solution that is able to successfully and robustly 
demonstrate the possession and working of these functionalities. 

The basic requirements for security and privacy are provided in following standard: 

1. 1SO/TS 14441:2013 Health Informatics - Security & Privacy Requirements of EHR Systems for Use in 
Conformity Assessment 
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Authentication: 

• Locally within the system the fact that a person or entity seeking access to electronic health information 
is indeed the one as claimed and is also authorized to access such information must be verifiable. 

• Across the network, however extensive it might be, the fact that a person or entity seeking access to 
electronic health information across a network is the one claimed and is authorized to access such 
information in accordance with the standard specified in this document must be verifiable. 

Automatic log-off: An electronic session after a predetermined time of inactivity must be forcibly 
terminated. To log in back, the user will have to initiate a new log in session. However, for the sake of 
ergonomics, it is recommended that the unsaved state of the system at the time of automatic log-off be 
saved and presented back to the user for further action. This should be a user-specific feature. 

The advisory standard for overall information security management in health is: 

2. ISO 27799 Health informatics - Information Security Management in Health using ISO/IEC 27002 

Implementation Guideline: The ISO 27799 is provided as a basic advisory standard for security management. 
Other security management and standard / practices / guidelines given by Law (such as IT Act 2000 and 
amendments] or regulatory / statutory / certification bodies (such as National Accreditation Board for 
Hospitals & Health care Providers (NABH)) should be taken in consideration when designing and/or 
implementing health record system. 


Access control: The solution must assign a unique name and/or number for identifying and tracking user 
identity and establish controls that permit only authorized users to access electronic health information. In 
cases of emergency where access controls need to be suspended in order to save a live, authorized users 
(who are authorized for emergency situations] will be permitted to have unfettered access electronic health 
information for the duration of the emergency with the access remaining in force during the validity of the 
emergency situation. 


Access Privileges: Ideally only clinical care providers should have access rights to a person’s clinical records. 
However, different institutional care providers have widely varying access privileges specified that are 
institution-specific. No country-wide standards can be specified for this at least at this point in time. 

For privilege management and access control, following standards may be used: 

3. ISO 22600:2014 Health informatics - Privilege Management and Access Control (Part 1 through 3] 

Implementation Guideline: The ISO 22600 set of standards is provided as an advisory standard for policy 
based access control. For the purpose of privilege management, rule / policy based access is expected to 
give better control and flexibility in defining and enforcing access control. Access control mechanisms such 
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as Role Based, Policy Based, or singular user (applicable in case of mobile based PHR] are acceptable as long 
as conformant to applicable data security law(s) and rules as well as policy of the organization where 
implemented. 


Audit log: 

• All actions related to electronic health information in accordance with the standard specified in this 
document including viewing should be recorded. 

• All actions based on user-defined events must be recorded. 

• All or a specified set of recorded audit information, upon request or at a set period of time, must be 
electronically displayed or printed for user/administrative review. 

• All actions related to electronic health information must be recorded with the date, time, record 
identification, and user identification whenever any electronic health information is created, modified 
(non-clinical data only), deleted (stale and non-clinical data only), or printed; and an indication of which 
action(s) took place must also be recorded. 

• A cross-enterprise secure transaction that contains sufficient identity information such that the receiver 
can make access control decisions and produce detailed and accurate security audit trails should be 
preferably used within the system. 

The advisory standard for audit trail / log in health record system is: 

4. ISO 27789:2013 Health informatics - Audit Trails for Electronic Health Records 


Integrity: 

• During data transit the fact that the electronic health information has not been altered in transit in 
accordance with the standard specified in this document must be verifiable. 

• Detection of events - all alterations and deletions of electronic health information and audit logs, in 
accordance with the standard specified in this document must be detected. 

• Appropriate verification that electronic health information has not been altered in transit shall be 
possible at any point in time. A secure hashing algorithm must be used to verify that electronic health 
information has not been altered in transit and it is recommended that the Secure Hash Algorithm 
(SHA) used must be SHA-256 or higher. 

Encryption: 

• Generally, all electronic health information must be encrypted and decrypted as necessary according to 
organization defined preferences in accordance with the best available encryption key strength 
(minimum 256-bits key). 

• During data exchange all electronic health information must be suitably encrypted and decrypted when 
exchanged in accordance with an encrypted and integrity protected link. 
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• Secure Transmission standards and mechanisms must be used to allow access to health information as 
well as transmit data from one application / site to another. For this purpose HTTPS, SSL v3.0, and TLS 
vl.2 standards should be used. Please refer to relevant IETF, IEEE, ISO, and FIPS standards for same. 

Digital Certificates: 

Use of Digital Certificates for identification and digital signing is recommended in health record system. 
Health record system must use following standard where digital certificates are used: 

5. ISO 17090 Health informatics - Public Key Infrastructure (Part 1 through 5} 

ADMINISTRATIVE SAFEGUARDS STANDARDS 

The Administrative Safeguards require healthcare providers to develop and implement a security 
management process that includes policies and procedures that address the full range of their security 
vulnerabilities. Being administrative in nature, these need to be internally designed and developed as 
standard operating procedure [SOP] that must be published for all users to see and adhere to. Conformance 
to adherence may be delegated to the Privacy Officer detailed in the Data Ownership chapter above. To 
comply with the Administrative Safeguards, a healthcare provider must implement the following standards. 

• The security management process standard, to prevent security violations; 

• Assigned security responsibility, to identify a security officer; 

• Workforce security, to determine e-PHl user access privileges; 

• Information access management, to authorize access to e-PHl; 

• Security awareness training, to train staff members in security awareness; 

• Security incident procedures, to handle security incidents; 

• Contingency plan, to protect e-PHI during an unexpected event; and 

• Evaluation, to evaluate an organization's security safeguards. 

PHYSICAL SAFEGUARDS STANDARDS 

Physical safeguards are security measures to protect a healthcare provider’s electronic information systems, 
related equipment, and the buildings housing the systems from natural and environmental hazards, and 
unauthorized intrusion. Healthcare providers must fulfill the following four standards. However, since most 
of the implementation specifications in this category are addressable, healthcare providers have flexibility in 
determining how to comply with the requirements as long as these are internally designed and developed as 
per the relevant SOP and published for all users to see and adhere to. Conformance to adherence may be 
delegated to the Privacy Officer detailed in the Data Ownership chapter above. 

The required physical standards are: 

• The facility access control standard, to limit actual physical access to electronic information systems and 
the facilities where they're located; 
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• The workstation use standard, to control the physical attributes of a specific workstation or group of 
workstations, to maximize security; 

• The workstation security standard, to implement physical safeguards to deter the unauthorized access of 
a workstation; and 

• The device and media controls standard, to control the movement of any electronic media containing 
ePHI from, to or within the facility. 
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Glossary 

The various terms, including acronyms, are explained from a conceptual point and may not be the formal 
definitions. 

ADSL (Asymmetric Digital Subscriber Line): A type of DSL that uses copper telephone lines to transmit data 
faster than a traditional modem. ADSL only works within short distances because it uses high frequencies 
with short signals. 

Allergy List: This is a list of all the patient’s allergies. 

Allopathic, Allopathy: Defined as relating to or being a system of medicine that aims to combat disease by 
using remedies (as drugs or surgery) which produce effects that are different from or incompatible with 
those of the disease being treated 

Ambulatory care: Any medical care delivered on an outpatient basis. 

ANM: Auxiliary Nurse Midwife 

Archetype: Basically an information model, it is a computable expression of a domain content model in the 
form of structured constraint statements, based on a reference (information) model. Within the openEHR 
paradigm, archetypes are based on the openEHR reference model. Archetypes are all expressed in the same 
formalism. In general, they are defined for wide re-use, however, they can be specialized to include local 
particularities. They can accommodate any number of natural languages and terminologies. 

Artefact An object made by a human being, typically one of cultural or historical interest. In healthcare IT 
context, an artefact is any item such as a document, file or drawing, etc. that is generated for use as a 
reference material or inside a system. 

ASHA: Accredited Social Health Activist is usually a literate 25 - 45 year old married/ widowed/ divorced 
lady selected from the village itself and accountable to it and trained to work as an interface between the 
community and the public health system. This is position is one of the key components of the National Rural 
Health Mission aimed at providing every village in the country with a trained female community health 
activist 

ATC: Anatomical Therapeutic Chemical Classification System, controlled by the WHO Collaborating Centre 
for Drug Statistics Methodology (WHOCC), is used for drug classification. 

Authentication: The verification of the identity of a person or process. 

Authorization: Any document designating any permission. Authorization or waiver of authorization for the 
use or disclosure of identifiable health information for research (among other activities) is required. The 
authorization must indicate if the health information used or disclosed is existing information and/or new 
information that will be created. The authorization form may be combined with the informed consent form, 
so that a patient need sign only one form. An authorization must include the following specific elements: a 
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description of what information will be used and disclosed and for what purposes; a description of any 
information that will not be disclosed, if applicable; a list of who will disclose the information and to whom it 
will be disclosed; an expiration date for the disclosure; a statement that the authorization can be revoked; a 
statement that disclosed information may be re-disclosed and no longer protected; a statement that if the 
individual does not provide an authorization, she/he may not be able to receive the intended treatment; the 
subject’s signature and date. 

AYUSH: Ayurveda, Yoga, Unani, Siddha and Homeopathy. Falls under the broad category of Indian Systems of 
Medicines and Homoeopathy (ISM&H) governed by Ministry of Health and Family Welfare, Government of 
India 

[C] 

CCD (Continuity of Care Document): A joint effort of HL7 International and ASTM. CCD fosters 
interoperability of clinical data by allowing physicians to send electronic medical information to other 
providers without loss of meaning and enabling improvement of patient care. CCD is an implementation 
guide for sharing Continuity of Care Record (CCR) patient summary data using the HL7 Version 3 Clinical 
Document Architecture (CDA), Release 2. It establishes a rich set of templates representing the typical 
sections of a summary record, and these same templates for vital signs, family history, plan of care, and so 
on can then be used for establishing interoperability across a wide range of clinical use cases. 

CDT: Common Dental Terminology 

Chain of Trust Agreement A contract needed to extend the responsibility to protect health care data across a 
series of sub-contractual relationships. 

Chief Complaint (CC), Reason for Consultation (RFC), Reason of Visit (ROV): for recording a patient’s disease 
symptoms. 

Client/Server Architecture: An information-transmission arrangement, in which a client program sends a 
request to a server. When the server receives the request, it disconnects from the client and processes the 
request. When the request is processed, the server reconnects to the client program and the information is 
transferred to the client. This usually implies that the server is located on site as opposed to the ASP 
(Application Server Provider) architecture. 

Clinical Care Provider: Personnel or entities directly related to providing clinical care to patient. 

Clinical Data Repository (CDR): A real-time database that consolidates data from a variety of clinical sources 
to present a unified view of a single patient. It is optimized to allow clinicians to retrieve data for a single 
patient rather than to identify a population of patients with common characteristics or to facilitate the 
management of a specific clinical department. 

Clinical Decision Support System (CDSS): A clinical decision support system (CDSS) is software designed to 
aid clinicians in decision making by matching individual patient characteristics to computerized knowledge 
bases for the purpose of generating patient-specific assessments or recommendations. 
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Clinical Establishment Clinical establishment means (1) a hospital, maternity home, nursing home, 
dispensary, clinic, sanatorium or an institution by whatever name called that offers services, facilities 
requiring diagnosis, treatment or care for illness, injury, deformity, abnormality or pregnancy in any 
recognized system of medicine established and administered or maintained by any person or body of 
persons, whether incorporated or not; or [2] a place established as an independent entity or part of an 
establishment referred to above, in connection with the diagnosis or treatment of diseases where 
pathological, bacteriological, genetic, radiological, chemical, biological investigations or other diagnostic or 
investigative services with the aid of laboratory or other medical equipment, are usually carried on, 
established and administered or maintained by any person or body of persons, whether incorporated or not. 
(Clinical Establishment Act - CEA 2010) 

Clinical Guidelines (Protocols): Clinical guidelines are recommendations based on the latest available 
evidence for the appropriate treatment and care of a patient’s condition. 

Clinical Messaging: Communication of clinical information within the electronic medical record to other 
healthcare personnel 

Coded Data: Data are separated from personal identifiers through use of a code. As long as a link exists, data 
are considered indirectly identifiable and not anonymous or anonymized. 

Code Set Any set of codes used to encode data elements, such as tables of terms, medical concepts, medical 
diagnostic codes, or medical procedure codes. This includes both the codes and their descriptions. 

Coding: A mechanism for identifying and defining physicians’ and hospitals’ services. Coding provides 
universal definition and recognition of diagnoses, procedures and level of care. Coders usually work in 
medical records departments and coding is a function of billing. Medicare fraud investigators look closely at 
the medical record documentation, which supports codes and looks for consistency. Lack of consistency of 
documentation can earmark a record as "up-coded" which is considered fraud. A national certification exists 
for coding professionals and many compliance programs are raising standards of quality for their coding 
procedures. 

Computer-Based Patient Record (CPR): A term for the process of replacing the traditional paper-based 
chart through automated electronic means; generally includes the collection of patient-specific information 
from various supplemental treatment systems, i.e., a day program and a personal care provider; its display in 
graphical format; and its storage for individual and aggregate purposes. CPR is also called "digital medical 
record” or "electronic medical record”. 

Computerized Patient Record (CPR): Also known as an EMR or EHR.A patient's past, present, and future 
clinical data stored in a server. 

Computerized Physician Order Entry (CPOE): A system for physicians to electronically order labs, imaging 
and prescriptions 
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CPT (Current Procedural Terminology) Code: A recognizable five-digit number used to represent a service 
provided by a healthcare provider. It is a manual that assigns five digit codes to medical services and 
procedures to standardize claims processing and data analysis. The coding system for physicians’ services 
developed by the CPT Editorial Panel of the American Medical Association. 

[D] 

Data Content All the data elements and code sets inherent to a transaction, and not related to the format of 
the transaction. 

Data: This is factual information (as measurements or statistics) used as a basis for reasoning, discussion, or 
calculation. It additionally points to the information output by a sensing device or organ that includes both 
useful and irrelevant or redundant information and must be processed to be meaningfuL 

Database Management System (DBMS): The separation of data from the computer application that allows 
entry or editing of data. 

DICOM (Digital Imaging and Communications in Medicine): Digital Imaging and Communications in 
Medicine (DICOM) is a standard to define the connectivity and communication between medical imaging 
devices. 

Disease Management A type of product or service now being offered by many large pharmaceutical 
companies to get them into broader healthcare services. Bundles use of prescription drugs with physician 
and allied professionals, linked to large databases created by the pharmaceutical companies, to treat people 
with specific diseases. The claim is that this type of service provides higher quality of care at more 
reasonable price than alternative, presumably more fragmented, care. The development of such products by 
hugely capitalized companies should be the entire indicator necessary to convince a provider of how the 
healthcare market is changing. Competition is coming from every direction—other providers of all types, 
payers, employers who are developing their own in-house service systems, the drug companies. 

Document Imaging: Is a process of converting paper documents into an electronic format usually through a 
scanning process. 

Document Management The Document Manager allows the medical institution to store vital patient 
documents such as X-Ray’s, Paper Reports, and Lab Reports etc. 

Documentation: The process of recording information. 

DOHAD: Developmental Origins of Health and Diseases 

Drug Formulary: Varying lists of prescription drugs approved by a given health plan for distribution to a 
covered person through specific pharmacies. Health plans often restrict or limit the type and number of 
medicines allowed for reimbursement by limiting the drug formulary list. The list of prescription drugs for 
which a particular employer or State Medicaid program will pay. Formularies are either "closed,” including 
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only certain drugs or "open," including all drugs. Both types of formularies typically impose a cost scale 
requiring consumers to pay more for certain brands or types of drugs. See also Formulary. 

Drug Formulary Database: This EMR feature is used for electronic prescribing, electronic medical record 
[EMR], and computerized physician order entry (CPOE) systems to present formulary status to the provider 
while during the prescribing decision. 

DSM: Diagnostic and Statistical Manual for Mental Diseases 

[E] 

EDI: Acronym for Electronic Data Interchange. Electronic communication between two parties, generally for 
the filing of electronic claims to payers. 

EDI Translator: Used in electronic claims and medical record transmissions, this is a software tool for 
accepting an EDI transmission and converting the data into another format, or for converting a non-EDI data 
file into an EDI format for transmission. See also Electronic Data Interchange. 

EHR/EMR System Designer, Developer, Manufacturer, Vendor, Supplier, Retailer, Re-seller: Any entity that is 
involved in the design, development, testing, manufacturing, supplying, selling including re-selling of 
Electronic Health Records or Electronic Medical Records Systems as a whole or part thereof. 

Electronic Data Interchange [EDI]: The automated exchange of data and documents in a standardized format. 
In health care, some common uses of this technology include claims submission and payment, eligibility, and 
referral authorization. This refers to the exchange of routine business transactions from one computer to 
another in a standard format, using standard communications protocols. 

Electronic Health Records [EHR]: The one or more repositories, physically or virtually integrated, of 
information in computer processable form, relevant to the wellness, health and healthcare of an individual, 
capable of being stored and communicated securely and of being accessible by multiple authorized users, 
represented according to a standardized or commonly agreed logical information modeL Its primary 
purpose is the support of life-long, effective, high quality and safe integrated healthcare. [ISO 18308:2011] 

Electronic Medical Records [EMR]: The EMR could be considered as special case of the EHR, restricted in 
scope to the medical domain or at least very much medically focused [1SO/TR 20514], The Japanese 
Association of Healthcare Information Systems (JAHIS) has defined a five-level hierarchy of the EMR; 
Departmental EMR: contains a patient’s medical information entered by a single hospital department [e.g. 
pathology, radiology, pharmacy]; Inter-departmental EMR: contains a patient’s medical information from two 
or more hospital departments; Hospital EMR: contains a patient’s clinical information from a particular 
hospital; Inter-hospital EMR: contains a patient’s medical information from two or more hospitals; EHR: 
longitudinal collection of health information from all sources. [Classification of EMR systems, JAHIS, VI.1, 
Mar 1996] 

Electronic Protected Health Information [ePHl]: Electronic Protected Health Information [ePHI] is any 
protected health information [PHI] that is created, stored transmitted or received electronically. Electronic 
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protected health information includes any medium used to store, transmit, or receive PHI electronically. The 
following and any future technologies used for accessing, transmitting, or receiving PHI electronically are 
covered Media containing data at rest (data storage) like personal computers with internal hard drives used 
at work, home, or traveling, external portable hard drives, including iPods and similar devices, magnetic tape, 
removable storage devices, such as USB memory sticks, CDs, DVDs, and floppy disks, PDAs and smartphones 
and data in transit, via wireless, Ethernet, modem, DSL, or cable network connections, Email, File transfer. 
(For Protected Health Information - PHI, please see below) 

Encounter: A clinical encounter is defined by ASTM as "(1) an instance of direct provider/practitioner to 
patient interaction, regardless of the setting, between a patient and a practitioner vested with primary 
responsibility for diagnosing, evaluating or treating the patient’s condition, or both, or providing social 
worker services. (2) A contact between a patient and a practitioner who has primary responsibility for 
assessing and treating the patient at a given contact, exercising independent judgment." Encounter serves as 
a focal point linking clinical, administrative and financial information. Encounters occur in many different 
settings — ambulatory care, inpatient care, emergency care, home health care, field and virtual 
(telemedicine). 

Episode: An episode of care consists of all clinically related services for one patient for a discrete diagnostic 
condition from the onset of symptoms until the treatment is complete 
[http://www.ncmedsoc.org/non_members/pai/PAI-FinalWorkbookforVideo.pdf] Thus, for every new 
problem or set of problems that a person visits his clinical care provider, it is considered a new episode. 
Within that episode the patient will have one or many encounters with his clinical care providers till the 
treatment for that episode is complete. Even before the resolution of an episode, the person may have a new 
episode that is considered as a distinctly separate event altogether. Thus, there may be none, one or several 
ongoing active episodes. All resolved episodes are considered inactive. Hence they become part of the 
patient's past history. A notable point here is that all chronic diseases are considered active and may never 
get resolved during the life-time of the person, e.g., diabetes mellitus, hypertension, etc. 

EPR: Broadly defined a personal health record is the documentation of any form of patient information- 
including medical history, medicines, allergies, visit history, or vaccinations-that patients themselves may 
view, carry, amend annotate, or maintain. Today, when we refer to PHRs, we typically mean an online 
personal health record-which may variously be referred to as an ePHR, an Internet PHR, an Internet 
medical record or a consumer Internet Medical Record (CIMR). Generally, such records are maintained in a 
secure and confidential environment, allowing only the individual, or people authorized by the individual, to 
access the medical information. Not all electronic PHRs are Internet PHRs. PC-based PHRs may be set up to 
capture medical information offline. 

Evidence Based Medicine: Evidence-based medicine (EBM) is the integration of best research evidence with 
clinical expertise to aid in the diagnosis and management of patients. 

[F] 
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Family History: A list of the patient’s family medical history including the chronic medical problems of 
parents, siblings, grandparents, etc. 

FHIR: Fast Health Interoperable Resources, the newest version from HL7 org for messaging. 

Formatting and Protocol Standards: Data exchange standards which are needed between CPR systems, as 
well as CPT and other provider systems, to ensure uniformity in methods for data collection, data storage and 
data presentation. Proactive providers are current in their knowledge of these standards and work to ensure 
their information systems conform to the standards. 

Formulary: An approved list of prescription drugs; a list of selected pharmaceuticals and their appropriate 
dosages felt to be the most useful and cost effective for patient care. Organizations often develop a formulary 
under the aegis of a pharmacy and therapeutics committee. In HMOs, physicians are often required to 
prescribe from the formulary. See also Drug Formulary. 

[G] 

Growth Chart A feature for a Primary Care or EMR that can be used for pediatric patients. Age, height, 
weight, and head measurements can be entered over the patient's lifetime, and the feature creates a line 
graph. 

[H] 

Health Care Operations: Institutional activities that is necessary to maintain and monitor the operations of 
the institution. Examples include but are not limited to: conducting quality assessment and improvement 
activities; developing clinical guidelines; case management; reviewing the competence or qualifications of 
health care professionals; education and training of students, trainees and practitioners; fraud and abuse 
programs; business planning and management; and customer service. Under the HIPAA Privacy Rule, these 
are allowable uses and disclosures of identifiable information "without specific authorization.” Research is 
not considered part of health care operations. 

Health Care, Healthcare: Care, services, and supplies related to the health of an individual. Health care 
includes preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, and counseling, 
among other services. Healthcare also includes the sale and dispensing of prescription drugs or devices. 

Health Information: Information in any form (oral, written or otherwise) that relates to the past, present or 
future physical or mental health of an individual That information could be created or received by a health 
care provider, a health plan, a public health authority, an employer, a general health insurer, a school, a 
university or a health care clearinghouse. 

Health Level Seven (HL7): A data interchange protocol for health care computer applications that simplifies 
the ability of different vendor-supplied IS systems to interconnect. Although not a software program in itself, 
HL7 requires that each healthcare software vendor program HL7 interfaces for its products. The 
organization is one of the American National Standards Institute accredited Standard Developing 
Organization (SDO) - Health Level 7 domain is the standards for electronic interchange of clinical, financial 
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and administrative info among healthcare oriented computer systems. Is a not-for-profit volunteer 
organization. It develops specifications, most widely used is the messaging standard that enables disparate 
health care applications to exchange key sets of clinical and administrative data. It promotes the use of 
standards within and among healthcare organizations to increase the effectiveness and efficiency of 
healthcare delivery. It is an international community of healthcare subject matter experts and information 
scientists collaborating to create standards for the exchange, management and integration of electronic 
healthcare information. 

Health: The state of complete physical, mental, and social well-being and not merely the absence of disease 
or infirmity. It is recognized, however, that health has many dimensions (anatomical, physiological, and 
mental) and is largely culturally defined The relative importance of various disabilities will differ depending 
upon the cultural milieu and the role of the affected individual in that culture. Most attempts at 
measurement have been assessed in terms or morbidity and mortality. 

Healthcare provider: A health care provider is an individual or an institution that provides preventive, 
curative, promotional or rehabilitative health care services in a systematic way to individuals, families or 
communities. An individual health care provider may be a health care professional, an allied health 
professional, a community health worker, any or other person trained and knowledgeable in medicine, 
nursing or other allied health professions, or pub lie/community health workers like, ASHA, ANM, midwives, 
paramedical staff, OT/lab/radio-diagnostic technicians, etc. An institution will include hospitals, clinics, 
primary care centers and other service delivery points of health care individual clinics, polyclinics, 
diagnostic centers, etc., i.e., any place where a medical record is generated during a patient-care provider 
encounter (in conformance to CEA 2010 - please refer to Clinical Establishment item above). It must be 
noted that any person solely performing non-clinical work is not a care provider. 

Healthcare Service Provider (HSP): see Healthcare provider 

History of Present Illness (HPI): The HPI is the history of the patient’s chief complaint. 

Human Subject Refers to a living subject participating in research about whom directly or indirectly 
identifiable health information or data are obtained or created 

Hybrid Record: Term used for when a provider uses a combination of paper and electronic medical records 
during the transition phase to EMR. 

[I] 

Independent Software Vendor (ISV): A company specializing in making or selling software products that runs 
on one or more computer hardware or operating system platforms. 

Immunization: A complete list of all immunizations that the patient has had 

Informatics: The application of computer technology to the management of information. 

Integration: Integration allows for secure communication between enterprise applications. 
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Interface: A means of communication between two computer systems, two software applications or two 
modules. Real time interface is a key element in healthcare information systems due to the need to access 
patient care information and financial information instantaneously and comprehensively. Such real time 
communication is the key to managing health care in a cost effective manner because it provides the 
necessary decision-making information for clinicians, providers, other stakeholders, etc. 

International Classification of Diseases: This is the universal coding method used to document the incidence 
of disease, injury, mortality and illness. A diagnosis and procedure classification system designed to facilitate 
collection of uniform and comparable health information. The ICD-9-CM was issued in 1979. This system is 
used to group patients into DRGs, prepare hospital and physician billings and prepare cost reports. 
Classification of disease by diagnosis codified into six-digit numbers. See also coding. 

International Health Terminology Standards Development Organization (IHTSDO): Denmark-based 
organization that maintains and licenses SNOMED codes worldwide. 

Interoperability: The capability to provide successful communication between end-users across a mixed 
environment of different domains, networks, facilities and equipment. 

ISP: Internet Service Provider 

ISV (Independent Software Vendor): An independent software vendor (ISV) is a company specializing in 
making or selling software, designed for mass or niche markets. This typically applies for application- 
specific or embedded software, from other software producers. 

[J] 

J-Codes: A subset of the HCPCS Level II code set with a high-order value of "J” that has been used to identify 
certain drugs and other items. 

[L] 

LAN (Local Area Network): A LAN supplies networking capability to a group of computers in close proximity 
to each other such as in an office building, a school, or a home. 

Legacy System Integration: The integration of data between a legacy system and some other software 
program most commonly using HL-7 standards. 

Legacy Systems: Computer applications, both hardware and software, which have been inherited through 
previous acquisition and installation. Most often, these systems run business applications that are not 
integrated with each other. Newer systems which stress open design and distributed processing capacity are 
gradually replacing such systems. 

Length of Stay (LOS): The duration of an episode of care for a covered person. The number of days an 
individual stays in a hospital or inpatient facility. May also be reviewed as Average Length of Stay (ALOS). 
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LEPR (Longitudinal Patient Record): Longitudinal Patient Record is an EHR that includes all healthcare 
information from all sources. 

[M] 

Management Information System (MIS): The common term for the computer hardware and software that 
provides the support of managing the plan. 

Master Patient / Member Index: An index or file with a unique identifier for each patient or member that 
serves as a key to a patient’s or member’s health record 

Maximum Defined Data Set All of the required data elements for a particular standard based on a specific 
implementation specification. An entity creating a transaction is free to include whatever data any receiver 
might want or need The recipient is free to ignore any portion of the data that is not needed to conduct their 
part of the associated business transaction, unless the inessential data is needed for coordination of benefits. 

MCI: Medical Council of India 

Medical Code Sets: Codes that characterize a medical condition or treatment. These code sets are usually 
maintained by professional societies and public health organizations. Compare to administrative code sets. 

Medical Informatics: Medical informatics is the systematic study, or science, of the identification, collection, 
storage, communication, retrieval, and analysis of data about medical care services to improve decisions 
made by physicians and managers of health care organizations. Medical informatics will be as important to 
physicians and medical managers as the rules of financial accounting are to auditors. 

Medical Management Information System (MMIS): A data system that allows payers and purchasers to track 
health care expenditure and utilization patterns. It may also be referred to as Health Information System 
(HIS), Health Information Management (HIM) or Information System (IS). See also Electronic Medical 
Record (EMR). 

Metadata and Date Standard (MDDS) - A set of data elements and their specification for use in certain domain, 
such as health, e-governance. 

MIMS: Monthly Index of Medical Specialties 

Minimum Data Set The minimum set of data elements that must be captured, stored made available for 
retrieval, presentation, relay and sharing by an EHR system. It comprises of all of the essential data elements 
required for implementation. An entity creating a transaction must include the mandatory data elements at all 
times and is free to exclude optional data elements. The entity is free to additionally include whatever other 
data elements that any receiver might want or need The recipient is free to ignore any portion of the data 
that is not mandatory and is further free to ignore any other portion of the data that is not needed to 
conduct their part of the associated transaction, unless required by sender, intermediaries or receiver. This 
minimum data set represents the most common data, and system designers are at liberty to add to it as they 
deem necessary to enrich or enhance their EHR systems. 
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Modifier: Additional character of a code added to an existing code that is used to help in extending or 
localization of the existing code. 

[N] 

NANDA: North American Nursing Diagnosis Association 

National Council for Prescription Drug Programs: An ANSI-accredited group that maintains a number of 
standard formats for use by the retail pharmacy industry. 

NEMA: The National Electrical Manufacturers Association (NEMA) is the association of electrical equipment 
and medical imaging manufacturers, founded in 1926 and headquartered in Rosslyn, Virginia. 

Non-Participating Physician (or Provider): A provider, doctor or hospital that does not sign a contract to 
participate in a health plan, usually which requires reduced rates from the provider. In the Medicare 
Program, this refers to providers who are therefore not obligated to accept assignment on all Medicare 
claims. In commercial plans, non-participating providers are also called out of network providers or out of 
plan providers. If a beneficiary receives service from an out of network provider, the health plan (other than 
Medicare) will pay for the service at a reduced rate or will not pay at all 

[ O ] 

Open Access: A term describing a member’s ability to self-refer for specialty care. Open access arrangements 
allow a member to see a participating provider without a referral from another doctor. Health plan 
members’ abilities, rights or invitation to self refer for specialty care. Also called Open Panel. 

openEHR: openEHR is an open standard specification in health informatics that describes the management 
and storage, retrieval and exchange of health data in electronic health records (EHRs). In openEHR, all health 
data for a person is stored in a "one lifetime", vendor-independent, person-centered EHR. Maintained by the 
openEHR Foundation, these are based on a combination of 15 years of European and Australian research 
and development into EHRs and new paradigms, including what has become known as the archetype 
methodology for specification of content and include information and service models for the EHR, 
demographics, clinical workflow and archetypes. They are designed to be the basis of a medico-legally sound, 
distributed versioned EHR infrastructure. 

OR: Operating Room - synonymous to OT as below 

OT: Operation Theatre 

OTC: Over the counter (drugs). Refers to those drugs that are available off the shelf without any prescription 
or advice from a registered medical practitioner 

Outcome: A clinical outcome is the "change in the health of an individual, group of people or population 
which is attributable to an intervention or series of interventions”. (Taken from: Frommer, Michael; Rubin, 
George; Lyle, David (1992)."The NSW Health Outcomes program". New South Wales Public Health Bulletin 3: 
135. doi:10.1071/NB92067) 
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Outpatient Care: Care given a person who is not bedridden. It is also called ambulatory care. Many surgeries 
and treatments are now provided on an outpatient basis, while previously they had been considered reason 
for inpatient hospitalization. Some say this is the fastest growing segment of healthcare 

[P] 

Participating Physician: A primary care physician in practice in the payer’s managed care service area who 
has entered into a contract. 

Past History: A list of a patient’s past health problems, surgeries and specialists. 

Patient Demographics: All patient’s pertinent information such as first and last name, SSN, DOB, insurance, 
etc. 

Patient Portal: A secure web-based system that allows a patient to register for an appointment, schedule an 
appointment, request prescription refills, send and receive secure patient-physician messages, view lab 
results, pay their bills electronically, access physician directories. 

Patient A person who is under medical care or treatment 

PC Based: A program designed to run on an individual PC. This typically means data is not shared in real 
time among other PCs (users). 

PCP: Primary care physician who often acts as the primary gatekeeper in health plans. That is, often the PCP 
must approval referrals to specialists. Particularly in HMOs and some PPOs, all members must choose or are 
assigned a PCP. 

PHR: A personal health record or PHR is typically a health record that is initiated and maintained by an 
individual An ideal PHR would provide a complete and accurate summary of the health and medical history 
of an individual by gathering data from many sources and making this information accessible online. 

Picture Archive Communication System (PACS): Used by radiology and diagnostic imaging organizations to 
electronically manage information and images 

Practice Parameters, Practice Guidelines: Systematically developed statements to standardize care and to 
assist in practitioner and patient decisions about the appropriate health care for specific circumstances. 
Practice guidelines are usually developed through a process that combines scientific evidence of 
effectiveness with expert opinion. Practice guidelines are also referred to as clinical criteria, protocols, 
algorithms, review criteria, and guidelines. The American Medical Association defines practice parameters 
as strategies for patient management, developed to assist physicians in clinical decision-making. Practice 
parameters may also be referred to as practice options, practice guidelines, practice policies, or practice 
standards. 

Prescription Drug: Drug that the law says can only be obtained by prescription. 
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Primary Care Physician: A "generalist" such as a family practitioner, pediatrician, internist, or obstetrician. 
In a managed care organization, a primary care physician is accountable for the total health services of 
enrollees including referrals, procedures and hospitalization. Also see Primary Care Provider. 

Primary Care Provider: The provider that serves as the initial interface between the member and the 
medical care system. The PCP is usually a physician, selected by the member upon enrollment, who is 
trained in one of the primary care specialties who treats and is responsible for coordinating the treatment of 
members assigned to his/her plan. 

Primary Care: Basic or general health care usually rendered by general practitioners, family practitioners, 
internists, obstetricians and pediatricians who are often referred to as primary care practitioners or PCPs. 
Professional and related services administered by an internist, family practitioner, obstetrician-gynecologist 
or pediatrician in an ambulatory setting, with referral to secondary care specialists, as necessary. 

Principal Diagnosis: The medical condition that is ultimately determined to have caused a patient’s 
admission to the hospital. The principal diagnosis is used to assign every patient to a diagnosis related 
group. This diagnosis may differ from the admitting and major diagnoses. 

Privacy Standards: The Privacy standards restrict the use & disclosure of individually identifiable health 
information. Privacy standard applies to all protected health information may it is in physical or electronic 
form. 

Privacy: Privacy means an individual’s interest in limiting who has access to personal health care 
information. Specific patient authorization is required for use and disclosure of clinical notes. As per 
Fernando & Dawson, 2009, privacy is control of access to private information avoiding certain kinds of 
embarrassment and can be shared or not shared with others; Only authorized (by the patient) people can 
view the recorded data or part thereof 

Progress Note: The documentation of a patient visit or encounter including all or part of the SOAP format. 

Protected health information (PHI): Any individually identifiable information whether oral or recorded in 
any form or medium that is created or received by a health care provider, health plan or health care 
Healthcare provider and relates to past, present, or future physical or mental health conditions of an 
individual; the provision of health care to the individual; or past, present, or future payment for health care 
to an individual 

[R] 

Real Time: The instantaneous sharing of data among a user group. It is common to a client/server database 
configuration. 

Reference Model (RM): 

Referral: Some insurance companies require that on specific plans a referral must be obtained for certain 
procedures or visits to specialists. The referral is acquired by the primary care physician (PCP) by 
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contacting the insurance company by phone or mail. This is a request for the service. The referral consists of 
an authorization code, a number of visits allowed (if applicable) and an expiration date. 

Referring Provider: is the provider that referred the patient to a specialist or for a specific procedure. 

Regenstrief: The Regenstrief Institute is an international non-profit medical research organization 
associated with Indiana University. It produces and maintains L01NC codes. 

Relational Database: A database program that stores data in a manner similar to Excel, with the difference 
being the data elements are related (linked) to each other. 

Remote Access: Data travels through a private, protected passage via the Internet, allowing healthcare 
providers to access from home or another practice location and allows EMR vendor to perform system 
maintenance off-site 

Rendering/Performing Provider: The provider actually treating the patient. 

Roles and Access Levels: The role and access level of the user needs to be determined and set by the system 
administrator. The role determines the access level. While roles may be such as system administrator, medical 
doctor, registered nurse, medical student, medical assistant, nurse assistant, ancillary nurse, health worker, 
Anganwadi worker (grass-root health worker), etc., the access levels may include viewing only, 
viewing/adding/editing only, viewing/adding/editing/deleting, all allowed etc. These need to be set out 
clearly in the SOP of the facility. 

ROS (Review of Systems): A series of questions related to the system(s) that the patient is having complaints 
about (i.e. respiratory for cold symptoms). 

RxNorm: RxNorm is the name of a US-specific terminology in medicine that contains all medications 
available on US market; it provides normalized names for clinical drugs and links its names to many of the 
drug vocabularies commonly used in pharmacy management and drug interaction software. 


[S] 

Secondary Care: Services provided by medical specialists who generally do not have first contact with 
patients (e.g., cardiologist, urologists, dermatologists). In the U.S., however, there has been a trend toward 
self-referral by patients for these services, rather than referral by primary care providers. This is quite 
different from the practice in England, for example, where all patients must first seek care from primary care 
providers and are then referred to secondary and/or tertiary providers, as needed 

Security Standards: The Security Standards require measures to protect the confidentiality, integrity and 
availability of e-PHI while it’s being stored & exchanged The security standard applies to all electronic PHI. 

Security: This refers to the methods and techniques adopted to protect privacy and are a defense 
mechanism front any attack (Hong et aL, 2004) 
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SNOMED: Systemized Nomenclature of Medicine Clinical Terms is the universal health care terminology. It is 
comprehensive and covers procedures, diseases, and clinical data. SNOMED CT helps to structure and 
computerize the medical record. It allows for a consistent way of indexing, storing, retrieving and 
aggregating clinical data across sites of care (i.e. hospitals, doctors offices) and specialties. By standardizing 
the terminology, the variability in the way data is captured, encoded and used for clinical care of patients and 
research is reduced Allows for more accurate reporting of data. It is currently available in English, Spanish 
and German. 

Social History: A description of a patient’s social habits and history including marital status, alcohol and drug 
use and exercise habits. 

Solo Practice, Solo Practitioner: A physician who practices alone or with others but does not pool income or 
expenses. This form of practice is becoming increasingly less common as physicians band together for 
contracting, overhead costs and risk sharing. 

SOP: Standard operating procedures or protocols 

SQL: Structured Query Language - is a computer language aimed to store, manipulate and retrieve data 
stored in relational databases. 

SDO: Standards Development Organization - an organization responsible for development and maintenance 
of a standard or several, usually run on a not-for-profit basis. 

Subjective: Section in a progress note where a patient’s account of their current problem is documented. 
Consists of chief complaint, HPI and ROS. 

Sx: Abbreviation for symptoms 


[T] 

Tl, T3 line: A high-speed internet connection provided via telephone lines often used by businesses needing 
internet connection speeds greater than DSL/Cable. 

Therapeutic Alternatives: Strong Drug products that provide the same pharmacological or chemical effect in 
equivalent doses. Also see Drug Formulary. 

TPA: Third Party Administrator 

Treatment Episode: The period of treatment between admission and discharge from a modality, e.g., 
inpatient, residential, partial hospitalization, and outpatient, or the period of time between the first 
procedure and last procedure on an outpatient basis for a given diagnosis. Many healthcare statistics and 
profiles use this unit as a base for comparisons. 

Treatment The provision of health care by one or more health care providers. Treatment includes any 
consultation, referral or other exchanges of information to manage a patient’s care. 
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[V] 

Vital Statistics: Statistics relating to births (natality), deaths (mortality), marriages, health, and disease 
(morbidity). Vital statistics for the United States are published by the National Center for Health Statistics. 
Vital statistics can be obtained from CDC, state health departments, county health departments and other 
agencies. An individual patient’s vital statistics in a health care setting may also refer simply to blood 
pressure, temperature, height and weight, etc. 

VPN: Virtual Private Network - A VPN "tunnel" is a secure connection, typically firewall to firewall that 
provides for remote access to your data server. 

[W] 

WHO: The World Health Organization is a specialized agency of the United Nations that is concerned with 
international public health. 

[X] 

XML (Extensible Markup Language): Used for defining data elements on a Web page and communication 
between two business systems. Example: Standard messaging system for and EMR to integrate with another 
software such as a practice management or drug formulary database. 
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Contact Information 

The Director (eGov) 

e-Governance Division 

Department of Health & Family Welfare 

Ministry of Health & Family Welfare 
Government of India 

mohfw.nic.in 

Implementation specific queries may be referred to: 

National Release Center (NRC) 

HPC-Medical & Bioinformatics Application Group, 

Centre for Development of Advanced Computing [C-DAC] 

Savitribai Phule Pune University Campus 

Ganeshkhind Road 

Pune-411007 

Email: nrc-help@cdac.in 

http://www.snomedctnrc.in 
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Executive Summary 

INTRODUCTION 

In September 2013 the Ministry of Health & Family Welfare [MoH&FW] notified the Electronic Health Record 
(EHR) Standards for India. The set of standards given therein were chosen from the best available and used 
standards applicable to Electronic Health Records from around the world keeping in view their suitability to 
and applicability in India. The Committee constituted to recommend the standards drew from experts, 
practitioners, government officials, technologists, and industry. The notified standards were not only 
supported by professional bodies, regulatory bodies, stakeholders, but various technical and social 
commentators as well, as being a step in the right direction. MoH&FW moved ahead with facilitating the 
adoption, as next steps, and in last two years the Ministry has made available standards like SNOMED CT 
free-for-use in the country as well as appoint interim National Release Center (NRC) to handle this clinical 
terminology standard that is fast gaining widespread acceptance amongst the various healthcare IT 
stakeholder communities worldwide. 

At the time of notifying the standards in September 2013, it was understood that the standards themselves 
will continue to evolve over time. Consequently, it was accepted that this notification will require revision 
from time to time. This becomes all the more necessary as understanding of those standards, their 
implementation and the expectations from the healthcare systems improve. Hence, MoH&FW constituted an 
expert group to review the earlier notified set of standards based on the experience and with eyes firmly on 
the future. The set of standards provided herein represents the recommendations of the Expert Committee 
arrived at after deliberating on the various aspects of standardizations in healthcare record systems. The 
Committee also carefully examined the provisions of open standards and the guidelines as per the norms 
suggested by MeitY, Government of India and recommended the standards given later in the document. 

NEED FOR ELECTRONIC HEALTH RECORD 

For a health record of an individual to be clinically meaningful it needs to be from conception or birth, at the 
very least. As one progresses through one’s life, every record of every clinical encounter represents a health- 
related event in one’s life. Each of these records may be insignificant or significant depending on the current 
problems that the person is suffering from. Thus, it becomes imperative that these records be available, 
longitudinally arranged as a time series, and be clinically relevant to provide a summary of the various 
healthcare events in the life of a person. 

An Electronic Health Record (EHR] is a collection of various medical records that get generated during any 
clinical encounter or events. With rise of self-care and homecare devices and systems, nowadays meaningful 
healthcare data get generated 24x7 and also have long-term clinical relevance. The purpose of collecting 
medical records, as much as possible, are manifold - better and evidence based care, increasingly accurate 
and faster diagnosis that translates into better treatment at lower costs of care, avoid repeating unnecessary 
investigations, robust analytics including predictive analytics to support personalized care, improved health 
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policy decisions based on better understanding of the underlying issues, etc., all translating into improved 
personal and public health. 

Without standards, a lifelong medical record is simply not possible, as different records from different 
sources spread across ~80+ years, potentially, needs to be brought meaningfully together. To achieve this, a 
set of pre-defined standards for information capture, storage, retrieval, exchange, and analytics that includes 
images, clinical codes and data is imperative. 

STRATEGIC HIGHLIGHTS 

This document provides a structured overview of the key EHR standards with respect to Indian healthcare 
system. For every aspect of data/information that is part of any healthcare record system has been addressed 
with a short guideline regarding implementation specific to the item-in-context included. Various non- 
related recommendations from previous edition have been removed to better streamline the set of standards 
selected and achieve harmony among them. A detailed recommendation on the interoperability and 
standards, clinical informatics standards, data ownership, privacy and security aspects, and the various 
coding systems are also provided. The set of standards given in earlier edition has been updated with their 
latest versions as the country moves towards a better implementation. It would not be out of place to note 
that certain sections of the document have been removed to provide increased readability and consistency 
throughout while avoiding duplication, ambiguity and contradictions. 

SCOPE 

This document provides a set of recommendations relevant to adoption of electronic health informatics 
standards in EHR/EMR and other similar clinical information systems. The scope is limited to identifying the 
standards, their intended purposes in such systems, followed by a short guideline-for-implementation 
approach. It is understood that with adoption of these standards properly, the data capture, storage, view, 
presentation, and transmission will be standardized to levels that will achieve interoperability of both 
meaning and data contained in the records. This document does not cater to wider implementation scenarios 
such as of administrative, legal or regulatory nature. This document also does not cater to aspects of creation 
and operation of local, regional or national infrastructures, indexes, or repositories as they are dealt with by 
appropriate regulative/administrative bodies. 

LOOKING AHEAD 

This document is a continuation of its earlier version, but in many ways reflects the growing confidence in 
the path correctly chosen earlier - providing a set of international and proven standards with focus towards 
achieving syntactic and semantic interoperability of health records. The idea that any person in India can go 
to any health service provider/practitioner, any diagnostic center or any pharmacy and yet be able to access 
and have fully integrated and always available health records in an electronic format is not only empowering 
but also the vision for efficient 21 st century healthcare delivery. 
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EXECUTIVE SUMMARY 


In conclusion, it must be reiterated that these standards cannot be considered either in isolation or as "etched 
in stone for all eternity". These will need to undergo periodic review and update as necessary. Hence, it is 
imperative that this document be a "living document”. 
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Standards at a Glance 

This section is provided for quick reference. Details are provided in the subsequent sections. 
N.B., this is a tentative list only. 


s. 

No. 

Type 

Standard Name 

Intended Purpose 

1 

Identification & 
Demographics 

ISO/TS 22220:2011 Health Informatics - 
Identification of Subjects of Health Care 

Basic identity details 
of patient 

2 

MDDS - Demographic (Person Identification and 

Land Region Codification) version 1.1 

Complete 
demographic for 
interoperability with 
E-Governance systems 

3 

Patient 

Identifiers 

UIDAI Aadhaar 

Preferable identifier 
where available 

4 

Local Identifier 

Identifier given within 
institution / clinic / 
lab 

5 

Government Issued Photo Identity Card Number 

Identifier used in 
conjunction with local 
in absence of Aadhaar 

6 

Architecture 

Requirements 

ISO 18308:2011 Health Informatics - Requirements 
for an Electronic Health Record Architecture 

System architectural 
requirements 

7 

Functional 

Requirements 

ISO/HL7 10781:2015 Health Informatics - HL7 
Electronic Health Records-System Functional Model 
Release 2 (EHR FM) 

System functional 
requirements 

8 

Reference 

Model and 
Composition 

ISO 13940 Health informatics - System of Concepts to 
Support Continuity of Care 

Concepts for care, 
actors, activities, 
processes, etc. 

9 

ISO 13606 Health informatics - Electronic Health 
Record Communication (Part 1 through 3) 

Information model 
architecture and 
communication 

10 

openEHR Foundation Models Release 1.0.2 

Structural definition 
and composition 

11 

Terminology 

SNOMED Clinical Terms (SNOMED CT) 

Primary terminology 

12 

Coding System 

Logical Observation Identifiers Names and Codes 
(LOINC) 

Test, measurement, 
observations 
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s. 

No. 

Type 

Standard Name 

Intended Purpose 

13 


WHO Family of International Classifications (WHO- 
FIC) 

including ICD, ICF, ICHI, ICD-0 

Classification and 
reporting 

14 

Imaging 

Digital Imaging and Communications in Medicine 
(DICOM) PS3.0-2015 

Image, waveform, 
audio/video 

15 


JPEG lossy (or lossless) with size and resolution not 
less than 1024pxx 768px at 300dpi 

Image capture format 

16 

Scanned or 
Captured 

ISO/IEC 14496 - Coding of Audio-Visual Objects 

Audio/Video capture 
format 

17 

Records 

ISO 19005-2 Document Management - Electronic 
Document File Format for Long-Term Preservation - 
Part 2: Use of ISO 32000-1 (PDF/A-2) 

Scanned documents 
format 

18 


ANSI/HL7 V2.8.2-2015 HL7 Standard Version 2.8.2 - 
An Application Protocol for Electronic Data Exchange 
in Healthcare Environments 

Event/Message 

exchange 

19 


ASTM/HL7 CCD Release 1 (basis standard ISO/HL7 
27932:2009) 

Summary Records 
exchange 

20 

Data Exchange 

ISO 13606-5:2010 Health informatics - Electronic 
Health Record Communication - Part 5: Interface 
Specification 

EHR archetypes 
exchange [Also, refer 
to openEHR Service 
Model specification] 

21 


DICOM PS3.0-2015 (using DIMSE services & Part-10 
media/files) 

Imaging/Waveform 

Exchange 

22 


Bureau of Indian Standards and its MHD-17 

Committee 

Standards 

Development 

23 

Other Relevant 
Standards 

ISO TC 215 set of standards 

24 

IEEE/NEMA/CE standards for physical systems and 
interfaces 

Organizations (SDOs) 

25 

Discharge/ 

Treatment 

Summary 

Medical Council of India (MCI) under regulation 3.1 of 
Ethics 

Composition as 
prescribed 

26 

E-Prescription 

Pharmacy Practice Regulations, 2015 Notification No. 
14-148/ 2012- PCI as specified by Pharmacy Council 
of India 

Composition as 
prescribed 

27 

Personal 
Healthcare and 
medical Device 
Interface 

IEEE 11073 health informatics standards and related 
ISO standards for medical devices 

Device interfacing 
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s. 

No. 

Type 

Standard Name 

Intended Purpose 

28 

Data Privacy 
and Security 

ISO/TS 14441:2013 Health Informatics - Security & 
Privacy Requirements of EHR Systems for Use in 
Conformity Assessment 

Basis security and 
privacy requirements 

29 

Information 

Security 

Management 

ISO/DIS 27799 Health informatics - Information 
Security Management in Health using ISO/IEC 27002 

Overall information 
security management 

30 

Privilege 
Management 
and Access 
Control 

ISO 22600:2014 Health informatics - Privilege 
Management and Access Control (Part 1 through 3) 

Access control 

31 

Audit Trail and 
Logs 

ISO 27789:2013 Health informatics - Audit trails for 
Electronic Health Records 

Audit trail 

32 

Data Integrity 

Secure Hash Algorithm (SHA) used must be SHA-256 
or higher 

Data Hashing 

33 

Data 

Minimum 256-bits key length 

Encryption key 

34 

Encryption 

HTTPS, SSL v3.0, and TLS vl.2 

Encrypted connection 

35 

Digital 

Certificate 

ISO 17090 Health informatics - Public Key 
Infrastructure (Part 1 through 5] 

Digital certificates use 
and management 


Note: Where year of publication or version of standard (or its parts) is not provided explicitly, the latest 
published version of standard (or its parts) available from standard body as on the date of notification / 
circulation of this recommendation is to be used. 


Page 6 




















239 


File No. Q-11011 /2/2016-eGov (Computer No. 3062309 ) 
Receipt No : 374585/2016/MOHFW 


STANDARDS AT A GLANCE 


List of Supporting / Complimenting Standards 


The following list is indicative and representative and not comprehensive or definitive. These standards are 
advised to be used where applicable and as required. 


S. No. 

Standard 

Description 

1 

ISO 12967:2009 

Health Informatics - Service Architecture (Parts 1 - 3) 

2 

ISO 13972:2015 

Health Informatics - Detailed Clinical Models, Characteristics and 

Processes 

3 

ISO 20301:2014 

Health Informatics - Health Cards - General Characteristics 

4 

ISO 21090:2011 

Health Informatics - Harmonized Data Types for Information 

Interchange 

5 

ISO 8601:2004 

Data elements and Interchange Formats - Information Interchange - 
Representation of Dates and Times 

6 

ISO 13119:2012 

Health Informatics - Clinical Knowledge Resources - Metadata 

7 

ISO 22857:2013 

Health Informatics - Guidelines on Data Protection to Facilitate Trans- 

Border Flows of Personal Health Data 

8 

ISO 21549-1:2013 

Health Informatics — Patient Healthcard Data — Part 1: General 

Structure 

9 

ISO TS 14265:2011 

Classification of Purposes for Processing Personal Health Information 

10 

ISO TS 27527:2010 

Health Informatics - Provider Identification 
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Standards and Interoperability 

INTEROPERABILITY STANDARDS 

The primary aim of interoperability standards is to ensure syntactic (structural] and semantic (inherent 
meaning] interoperability of data amongst systems at all times. The need for that cannot be overstated, more 
so within healthcare information systems whose primary aim is to deliver life-long clinical care at all times 
so that the person being cared for is able to maintain his/her health at optimal levels. 

The set of standards outlined in this document represents an incremental approach to adopting standards, 
implementation specifications; criteria to enhance the interoperability, functionality, utility, and security of 
health information technology; and to support its widespread adoption. It is to be kept in mind that these 
standards need to be flexible and modifiable to adapt to the demographic and resource variance observed in 
a country like India with its large population and diverse culture that is spread across a large region of varied 
geographical landscapes - hilly regions, river basins, desert, coast, etc. - many of which are remote and 
accessible only with difficulty. 

It is important to recognize that interoperability and standardization can occur at many different levels. To 
achieve interoperability, information models would need to be harmonized into a consistent representation. 

In other cases, organizations may use the same information model, but use different vocabularies or code 
sets (for example, SNOMED CT or ICD10] within those information models. To achieve interoperability at 
this level, standardizing vocabularies, or mapping between different vocabularies may be necessary. For 
some levels, (such as the network transport protocol], an industry standard that is widely used (e.g. TCP/IP 
- Transmission Control Protocol and Internet Protocol] will likely be the most appropriate. Ultimately, to 
achieve true interoperability, it is anticipated that multiple layers - network transportation protocols, data 
and services descriptions, information models, and vocabularies and code sets - will need to be standardized 
and/or harmonized to produce an inclusive, consistent representation of the interoperability requirements. 

It is further anticipated that using a harmonization process will integrate different representations of health 
care information into a consistent representation and maintain and update that consistent representation 
over time. For an information model, this process could include merging related concepts, adding new 
concepts, and mapping concepts from one representation of health care information to another. The need to 
support standardization of data and services descriptions and vocabularies and codes sets is appropriately 
addressed. 

It is also recognized that a sustainable and incremental approach to the adoption of standards will require 
processes for harmonizing both current and future standards. This will allow the incremental updating of 
the initial set of standards, implementation specifications, and certification criteria and provide a framework 
to maintain them. The decision to adopt such updates will be informed and guided by recommendations 
from an appropriate authority such as the proposed National eHealth Authority (NeHA], Ministry of Health 
& Family Welfare or expert groups. 


Page 8 





241 


File No. Q-11011 /2/2016-eGov (Computer No. 3062309 ) 
Receipt No : 374585/2016/MOHFW 


STANDARDS AND INTEROPERABILITY 


GOALS 

The goals of standards in electronic health record systems are: 

• Promote interoperability and where necessary be specific about certain content exchange and 
vocabulary standards to establish a path forward toward semantic interoperability 

• Support the evolution and timely maintenance of adopted standards 

• Promote technical innovation using adopted standards 

• Encourage participation and adoption by all vendors and stakeholders 

• Keep implementation costs as low as reasonably possible 

• Consider best practices, experiences, policies and frameworks 

• To the extent possible, adopt standards that are modular and not interdependent. 
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Health Record IT Standards 

IDENTIFICATION AND DEMOGRAPHIC INFORMATION OF PATIENT 
Demographic information including a unique identifier is necessary in a health record system in order to 
capture identifying information as well as identifiers for linking other medical artifacts logically as well as 
physically. All health record systems must therefore adhere to the following standards for capturing 
information related to patient demography and identifiers: 

1. ISO/TS 22220:2011 Health Informatics - Identification of Subjects of Health Care 

2. MDDS - Demographic (Person Identification and Land Region Codification) version 1.1 from E- 
Governance Standards, Government of India 

Implementation Guideline: Implemented must insure that health record application is able to capture all data 
fields as provided in the above two standards for completeness. It should also ensure that the system is able 
to interoperate (receive/import/send/export) all demographics information as provided in above two 
standards as per demand, i.e. when requested for demographics data in MDDS compliant format it should 
generate artefacts (file, message, etc.) as per that standard. Where codes related to location, authority, type 
of organization etc. are required, they should be taken from the MDDS-Demographic Standard. 

A health record system must have provision to include patient identifiers of following types: 

1. U1DAI Aadhaar Number (preferred where available) 

2. Both of the following in case Aadhaar is not available: 

2.1 Local Identifier (as per scheme used by HSP) 

2.2 Any Central or State Government issued Photo Identity Card Number 
Implementation Guidelines: 

1. Implemented must ensure that the Aadhaar number, where that is available, be used as the preferred 
identifier to serve as the unique health identifier. In case the Aadhaar number is not available, the system 
should allow a user to insert more than one (minimum of two) identifiers for each patient along with its 
scope and provider (as given in above mentioned patient demography standards) in the system. In 
situations where identity of patient cannot be obtained or ascertained, temporary identifiers may be 
used (as per scheme used by HSP) and later confirmed identifiers may be inserted (while making earlier 
ones as inactive). 

2. Identification of Patient across EHR systems : Due to lack of mandate for use of Aadhaar or any such 
alternative(s) national unique identifier, it is difficult to match patient records when exchanging them 
between two EHR systems. This may lead to situations where different combinations of local identifier 
and photo identity card numbers of the same person are used at different locations and/or in solutions. 
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Thus, a single person may get to have different identities under which his/her records are captured. A 
conflict resolution process may be required to help resolve such cases. At this time, there is no direct 
solution available other than to use smart (possibly heuristic] algorithms to attempt to match records 
without or with intervention/confirmation of a human supervisor. Such an algorithm may use name 
(phonetic or spelling], address (full or parts], date of birth / age, gender, or other such matching details 
to mark incoming or searched records as possible or exact match before amalgamation or subsequent 
use. 1SV may additionally need to provide the ability to merge/demerge patients to support this process 
within their solutions. 

ARCHITECTURE REQUIREMENTS AND FUNCTIONAL SPECIFICATIONS 

A health record system must meet architectural requirements and functional specifications to remain faithful 
to the needs of service delivery, be clinically valid and reliable, meet legal and ethical requirements, and 
support good medical practices. Therefore, a health record system must conform to the following standards: 

1. ISO 18308:2011 Health Informatics - Requirements for an Electronic Health Record Architecture 

2. 1SO/HL7 10781:2015 Health Informatics - HL7 Electronic Health Records-System Functional Model 
Release 2 (EHRFM] 

Implementation Guideline: Above two standards, despite being extensive, do not represent the full set of 
specifications and requirements that need to be met by a health record system or its many variants (PHR, 
etc.] or all possible use cases. The above mentioned standards are to be used as minimum set to be used 
within the scope of implementation as per relevance to the system being developed / deployed. 

LOGICAL INFORMATION REFERENCE MODEL AND STRUCTURAL COMPOSITION 
A health record system must accumulate observable data and information for all clinically relevant events 
and encounters. For this purpose, it is important to have common semantic and syntactic logical information 
model and structural composition for captured artefacts. Unless the data being captured is standardized, its 
communication and understanding may not be same across systems. Therefore, a health record system must 
conform to the following standards: 

1. ISO 13940 Health Informatics - System of Concepts to Support Continuity of Care 

2. ISO 13606 Health Informatics - Electronic Health Record Communication (Part 1 though 3] 

3. openEHR Foundation Models Release 1.0.2 

3.1 Required Model Specifications: Base Model, Reference Model, Archetype Model 

3.2 Optional Model Specifications: Service Model, Querying, Clinical Decision Support 

Implementation Guideline: The ISO 13940 (also known as CEN ContSys] is to be generally used for purpose 
of modelling and describing concept system and organize information objects. While ISO 13606 set of 
standards are basic reference model and related specifications, openEHR provides ISO 18308 conformant 
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platform-independent implementation harmonized with ISO 13606 standard. Implemented are free to 
design internal structures, databases, and user interfaces as per their requirements and preferred 
technology platforms but structural composition for clinical data/information artefact must be logically 
similar to Reference Model given in above standards. openEHR Operational Templates (OPT] adopted by an 
implementation, are to be public and free in required format for other implemented to ensure 
interoperability among them. 

MEDICAL TERMINOLOGY AND CODING STANDARDS 

In order to have semantic interoperability between different health record systems, it is necessary to follow 
a common terminology and coding system standards to express unambiguous meaning of data captured, 
stored, transmitted, and analyzed. It is also important to have these terminologies and codes in computer 
process-able format to aid automation and ensure that data is in an analyzable state at all times. Therefore, 
a health record system must conform to the following standards: 

1. Primary Terminology: IHTSDO - SNOMED Clinical Terms (SNOMED CT) 

Implementation Guideline: A health record system must use SNOMED CT as the primary internal encoding 
system for all clinically relevant, including dental, nursing, substance/drugs related information. IHTSDO 
SNOMED CT code shall also be used while communicating clinical information to other health record systems. 
SNOMED CT concept codes (as pre-coordinated or as post-coordinated expressions) are to be used for all 
hierarchies covered under the standard unless otherwise provided in this document. It shall also be the 
coding system that must be used internally in other information storage and communication standards such 
as openEHR archetypes, HL7, D1COM, etc. IHTSDO releases SNOMED CT twice annually. 

2. Test, Measurement and Observation Codes: Regenstrief Institute - Logical Observation Identifiers 
Nantes and Codes (LOINC) 

Implementation Guideline: LOINC coding is to be used for processing results and reports with Laboratory and 
Imaging Information Systems. N.B.: SNOMED CT to LOINC coding interchange map is available from IHTSDO 
and Regenstrief Institute. 

3. Classification Codes: WHO Family of International Classifications (WHO-FIC) 

3.1 WHO ICD-10: International Classification of Diseases (ICD) and its derivative classifications 

3.2 WHO ICF: International Classification of Functioning, Disability and Health (ICF) 

3.3 International Classification of Health Interventions (ICHI) 

3.4 International Classification of Diseases for Oncology (ICD-O) 

Implementation Guideline: WHO F1C codes are primarily used for aggregated information and 
statistical/epidemiological analysis for public health purposes derived from health records that contain 
patient care related information as well as information that is crucial for management, health financing and 
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general health system administration. While SNOMED CT is to be used by health record systems for 
terminology generated classification-based reports may require the use of WHO F1C codes. Classification 
based reporting, for statistical or regulatory purposes, may continue to use WHO F1C codes as mandated by 
the health regulatory, intelligence, and various research bodies. N.B.: SNOMED CT to ICD-10 coding 
interchange map is available from IHTSDO and WHO. 

DATA STANDARDS FOR IMAGE, MULTIMEDIA, WAVEFORM, DOCUMENT 
A health record system stores data records and files of various types in support of clinical functions. These 
data elements serve the purpose of documentary records of various diagnostic and prescriptive data or 
information generated. Therefore, a health record system must conform to the following standards for such 
data: 

1. NEMA Digital Imaging and Communications in Medicine (DICOM) PS3.0-2015 

Implementation Guideline: NEMA DICOM PS3.0-2015 is a comprehensive standard for handling and 
managing image (series or single), waveforms (such as those in ECG/EEG), audio (such as those in digital- 
stethoscope) and video (such as those in endoscope, ultrasound, etc.) data in medicine. A health record 
implementation is required to implement relevant DICOM Information Object Definitions (IODs) for 
supported data types in Part-10 compliant files. Where required and relevant, other features of standard 
such as services, display, print, and workflow may be implemented. 

2. Scanned or Captured Records: 

2.1 Image: JPEG lossy (or lossless) with size and resolution not less than 1024pxx 768px at 300dpi 

2.2 Audio/Video: ISO/1EC 14496 - Coding of Audio-Visual Objects 

2.3 Scanned Documents: ISO 19005-2 Document Management - Electronic Document File Format for 

Long-Term Preservation - Part 2: Use of ISO 32000-1 (PDF/A-2) (ref: Best Practices and 
Guidelines for Production of Preservable e-Records Verl.O from MeitY, Govt, of India) 

Implementation Guideline: The above mentioned standards are to be used for documentary data (scan for 
prescription, summaries, etc.) and data captured through traditionally non-DICOM compliant sources like 
picto-nricrographs, pathological photographs, photographs of intramural and extramural lesions, etc. All data 
formats that can be converted into relevant DICOM format should be, as relevant, converted and 
communicated as secondary captured DICOM format. It may be noted that while no maximum image 
resolution has been prescribed, a sufficiently acceptable limit may be used to avoid unnecessarily large file 
that do not aid in correspondingly better interpretation or analysis. 

DATA EXCHANGE STANDARDS 

A health record system has to operate in a larger ecosystem of other components with which it must share 
or communicate data in order to capture and provide as comprehensible medical information as is practical. 
A health record system must therefore conform to the following standards: 
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1. Event/Message Exchange: ANSI/HL7 V2.8.2-2015 HL7 Standard Version 2.8.2 - An Application 
Protocol for Electronic Data Exchange in Healthcare Environments 

2. Summary Records Exchange: ASTM/HL7 CCD Release 1 (basis standard ISO/HL7 27932:2009) 

3. EHR Archetypes: ISO 13606-5:2010 Health informatics - Electronic Health Record Communication - 
Part 5: Interface Specification [Also, refer to openEHR Service Model specification] 

4. Imaging/Waveform Exchange: NEMA D1COM PS3.0-2015 (using DIMSE services& Part-10 media/files) 

Implementation Guideline: Implementation of exchange standards is expected to be at least for the scope of 
data captured or retained by the health record system. To explain further, full implementation of ANSI/HL7 
V2.8.2 for each event and message is not required in health record systems but minimum implementation 
supporting the types of events and messages relevant to the system is required. Similarly, 
implementation/support of DICOM DIMSE C-Store and/or C-FIND/C-GET service is expected for lODs 
supported by health record system whereas implementation of WADO could be optional. 

OTHER STANDARDS RELEVANT TO HEALTHCARE SYSTEMS 

Healthcare record systems need to co-exist within a larger ecosystem with various other systems. It is 
important for all systems within a healthcare setup to adhere to relevant standards. While standards related 
to such systems are not within the scope of this document, as a general rule, standards created or ratified by 
following Standard Development Organizations (SDOs) should be used: 

1. Bureau of Indian Standards and its MHD-17 Committee 

2. ISO TC 215 set of standards 

3. 1EEE/NEMA/CE standards for physical systems and interfaces 

Implementation Guideline: To help the implementers, an indicative list of such standards is provided in the 
"Standards at a Glance” section above. Wherever applicable, BIS-approved standards shall be preferred for 
implementation. 

DISCHARGE/TREATMENT SUMMARY FORMAT 

Implementers must ensure that the logical information model includes data elements to satisfy requirements 
of the format for Medical Records as specified by Appendix-3 of Medical Council of India (MCI) Code of Ethics 
Regulation 2002 (amended upto Feb-2016). The printed reports should meet MCI prescribed formats 
whenever any discharge or treatment summary is prepared. 

E-PRESCRIPTION 

Pharmacy Council of India (PCI) has, in its recent regulation (Pharmacy Practice Regulations, 2015 
Notification No. 14-148/ 2012- PCI), provided the definition of the term under Section 2(j) that the term 
‘Prescription’ includes the term 'electronic direction’. Implementers must therefore ensure that the logical 
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information model includes data elements to satisfy requirements of the format for Medical Prescription as 
specified by the Pharmacy Council of India. The printed prescription will need to be in the PCI prescribed 
format whenever any medical prescription meant for drug dispensing is prepared. For the purpose of e- 
Prescription, implementers must ensure that the electronic version is digitally signed by a registered medical 
practitioner, and its non-repudiation is ensured at all times. The pharmacists shall be able to print a copy of 
e-Prescription in the required format along with other relevant digital authentication details. 

PERSONAL HEALTHCARE AND MEDICAL DEVICES INTERFACING 

Where not covered under relevant data exchange standards, it is recommended that IEEE 11073 health 
informatics standards and related ISO standards for medical devices be followed as appropriate whenever 
any personal healthcare/medical device is interfaced with the EMR system for the purpose of clinical data 
exchange, retrieval, storage, etc. 

PRINCIPLES OF DATA CHANGE 

The data once entered into a health record system must become immutable. The healthcare provider may 
have the option to re-insert/append any record in relation to the medical care of the patient as necessary 
with a complete audit trail of such change maintained by the system. Alteration of the previously saved data 
is not permitted. No update or update like command shall be accessible to user or administrator to store a 
medical record or part thereof. Any record requiring revision should create a new medical record containing 
the changed/appended/modified data of earlier record. This record shall then be stored and marked as 
ACTIVE while rendering the previous version(s) of the same record being marked INACTIVE. The data will 
thus in essence become immutable. A strict audit trail shall be maintained of all activities at all times that 
may be reviewed by an appropriate authority like auditor, legal representatives of the patient, the patient, 
healthcare provider, privacy officer, court appointed/authorized person, etc. as deemed necessary. 

As-Is Principal: 

The data captured through the devices is usually in a certain format whereas the data provided by the doctor 
as file may be in some different format. These data provided / included in the system are to be treated as 
sacrosanct. The "As-Is Principal" requires that the data captured in the first instance should be retrievable at 
any given point of time later in the same format, clarity, size and detail as it was provided during the time of 
record creation. 

It effectively means that the system is not allowed to make any changes either to the data or its format or its 
nature at any point other than the creation time for any reason. However, if it is required that the data needs 
to be altered either to carry some additional information at some later point, like annotation on images, or 
correction of errors of omission or commission, etc., it must be done on a copy of the original data, keeping 
the original data intact, and marking the updated version as active while marking the previous version 
inactive. The modified data will then become part of the EHR/EMR. 

Informed Format Change: 
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Whenever, the data, its format or its nature needs to be changed within the system, it must be done with the 
explicit consent of the doctor / technician / person that is entering or managing the data. This explicit 
consent can also be taken from a set of preferences already set by the user or the administrator / root of the 
system. In such preference based consent, there is no need to prompt the user for permission at each 
insertion point. 

Also, in case the system is set to change format or nature of data automatically by setting of preferences, it 
must be made sure that the rule of conversion is declared in the Standard Operating Procedure (SOP) of 
site/application. 
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Guidelines 

HARDWARE 

• The IT hardware used should meet (and preferably be better than) the optimal requirements specified 
by the software (to be) used. 

• The medical and IT hardware used must meet the relevant applicable specifications from BIS, NEMA, 
IEEE, ISO, CE, RoHS, EnergyStar, apart from Medical and IT standards for the equipment. 

• A backup or data preservation mechanism should be put in place. Data capacity should be planned to 
meet the storage requirement as per the mandated rules / laws. 

• System redundancy at various levels (disk, power, network, etc.) should be planned to meet the 
organizational system availability requirement. 

• Network and data security should be planned, implemented, and periodically audited. Please see 
section on Security and Privacy for the various requirements and functions that need to be supported and 
implemented. 

• Hardware should be checked periodically for correctness and completeness of operation expected from 
them. An appropriate maintenance cycle should be planned and rigorously followed. 

• Planned and expected Capacity and Quality requirement of the organization should be met by the 
hardware used. Periodic updates and upgrades should be carried out to meet these requirements. 

NETWORKING AND CONNECTIVITY 

• Should be able to harness any telecommunications-related connectivity like the Internet, LAN, WAN, 
WAP, CDMA, GSM or even Cloud Computing that will permit the various EMRs of an individual to be 
integrated into a single lifelong electronic health record 

• As far as is practical and affordable, the connectivity medium chosen should be reliable and fast 
enough to sustain a secure data exchange for the period expected for transaction of records and data. 
The speed of the connectivity medium should be chosen from among available options so as to provide 
an acceptable user experience and not cause software/system fault due to delays/noise/failure. 

• Should be able to ensure that data exchange is performed in a secure manner to ensure data validity 
and non-repudiability 

• The data exchange must further ensure that data integrity is maintained at all times 

SOFTWARE STANDARDS 

The software for capturing, storing, retrieving, viewing, and analyzing healthcare records should: 

• Conform to the specified standards 

• Satisfy specified requirements 

• Be Interoperable, especially in terms of syntax and semantics of the information being exchanged 
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• Should be able to ensure user authentication and authorization 

• Should be able to support privacy, secrecy and audit trail 

• Possess advanced search, merge, and demerge functionality to ensure that duplicates are robustly 
resolved 

• Should be able to support conception-to-current/most recent medical records of a person (as relevant 
to scope of application) 

• Should be able to support digital archiving and retrieval of medical records after the death of a person 
for the total duration as specified by Government of India from time to time 

• Should be able to construct a medical/clinical summary based on available records from the very first 
visit to current/most recent 

• Preferably be able to support rapid data capture-storage-retrieval-display of data 

HEALTH RECORD IN MOBILE DEVICES 

As people become more mobile and travel becomes more accessible, patients will increasingly expect the 
healthcare record system to provide essential health information over mobile devices, which will give their 
treating clinician basic information like, medical condition, drug/allergy information etc. Demographics, 
insurance info, medications, allergy and alerts, and vital signs are some of the records that are recommended 
to be provided in at least read-only manner and to the extent relevant for emergency care and quick reference. 
It is also possible that certain clinical (BP, temperature, glucose count) and lifestyle (steps walked, distance 
run, sleep duration and quality) related information will additionally be provided by the patient thereby 
providing vital clues and information on the overall wellbeing of patient. 

In the specific regard of design and usability of such applications, "Framework for Mobile Governance 2012” 
of DeitY, Ministry of Communication & Information Technology, Government of India shall be applicable. 
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Data Ownership of Health Records 

THE ETHICAL, LEGAL, SOCIAL ISSUES (ELSI) GUIDELINES 

For the purposes of these recommendations, the term "privacy" shall mean that only those person or 
person(s] including organizations duly authorized by the patient may view the recorded data or part thereof. 
The term "security” shall mean that all recorded personally identifiable data will at all times be protected 
from any unauthorized access, particularly during transport (e.g. from healthcare provider to provider, 
healthcare provider to patient, etc.]. The term "trust” shall mean that person, persons or organizations 
(doctors, hospitals, and patients] are those who they claim they are. 

The following approaches are to be adopted wherever applicable to address the aspects that the terms 
mentioned above refer to: 

• Privacy would refer to authorization by the owner of the data (the patient] 

• Security would have as components both public and private key encryption; the encryption techniques 
used in transit and at rest need to be through different methodologies. 

• Trust would be accepted whenever a trusted third party confirms identity 

PROTECTED HEALTH INFORMATION 

Protected Health Information (PHI] would refer to any individually identifiable information whether oral or 
recorded in any form or medium that (1] is created, or received by a stakeholder; and (2] relates to past, 
present, or future physical or mental health conditions of an individual; the provision of health care to the 
individual; or past, present, or future payment for health care to an individual. 

Electronic Protected Health Information (ePHl] would refer to any protected health information (PHI] that 
is created, stored, transmitted, or received electronically. Electronic protected health information includes 
any medium used to store, transmit, or receive PHI electronically. 

As per the Information Technology Act 2000, Data Privacy Rules, refers to ‘sensitive personal data or 
information’ (SPI] as the subject of protection, but also refers, with respect to certain obligations, to 'personal 
information’ (PI], Sensitive personal information is defined as a subset of personal information. Followings 
are Sensitive personal information that relates to: 

1. Passwords 

2. Financial information such as bank account or credit card or debit card or other payment instrument 
details 

3. Physical, psychological and mental health condition 

4. Sexual orientation 

5. Medical records and history 

6. Biometric information 
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7. Any detail relating to (1) - [6] above received by the body corporate for provision of services 

8. Any information relating to (1) - (7) that is received, stored or processed by the body corporate under 
a lawful contract or otherwise 

DATA OWNERSHIP 

• The physical or electronic records, which are generated by the healthcare provider, are held in trust by 
them on behalf of the patient 

• The contained data in record which are the protected health information of the patient is owned by the 
patient himself / herself. 

• The medium of storage or transmission of such electronic medical record will be owned by the 
healthcare provider. 

• The "sensitive personal information (SPI) and personal information (PI)” of the patient is owned by the 
patient herself. Refer to IT Act 2000 for the definition of SPI and PI. 

DATA ACCESS AND CONFIDENTIALITY 

• Regulations are to be enforced to ensure confidentiality of the recorded patient/medical data and the 
patient should have a control over this. 

• Patients will have the sufficient privileges to inspect and view their medical records without any time 
limit. Patient’s privileges to amend data shall be limited to correction of errors in the recorded 
patient/medical details. This shall need to be performed through a recorded request made to the 
healthcare provider within a period of 30 days from the date of discharge in all inpatient care settings 
or 30 days from the date of clinical encounter in outpatient care settings. An audit of all such changes 
shall be strictly maintained. Both the request and audit trail records shall be maintained within the 
system. 

• Patients will have the privileges to restrict access to and disclosure of individually identifiable health 
information and need to provide explicit consent, which will be audited, to allow access and/or 
disclosures. 

• All recorded data will be available to care providers on an 'as required on demand’ basis 

DISCLOSURE OF PROTECTED / SENSITIVE INFORMATION 

• For use in treatment, payments and other healthcare operations: In all such cases, a general consent 
must be taken from the patient or next of kin, etc. as defined by the MCI. 

• Fair use for non-routine and most non-health care purposes: A specific consent must be taken from the 
patient; format as defined by MCI. 

• For certain specified national priority activities, including notifiable/communicable diseases, the 
health information may be disclosed to appropriate authority as mandated by law without the patient's 
prior authorization 

• Instances where use and disclosure without individual authorization will be possible are as follows: 
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• Complete record with all identifiers in an "as-is” state, on production of court order 

• Totally anonymized data, where the anonymization process involves the complete removal of all 
information that allows the identification of the patient. (List of such personally identifiable 
information is provided below) 

RESPONSIBILITIES OF A HEALTHCARE PROVIDER 

• Protect and secure the stored health information, as per the guidelines specified in this document 

• While providing patient information, remove patient identifying information (as provided in the list 
below), if it is not necessary to be provided 

• Will ensure that there are appropriate means of informing the patient of policies relating to her/his 
rights to health record privacy 

• Document all its privacy policies and ensure that they are implemented and followed. This will include: 

• Develop internal privacy policies 

• Ensure implementation of privacy policies, audit and quality assurance 

• Provide privacy training to all its staff 

PRIVILEGES OF PATIENT OR PERSONAL REPRESENTATIVE 

Patient will have the privilege to carry out the activities detailed below, personally, or through their 
appointed representative. 

• Patients can demand from a healthcare provider a copy of their medical records held by that healthcare 
provider, which should be provided within 30 days of receipt of communication of request. 

• Patients can demand from a healthcare provider that stores/maintains his/her medical records, to 
withhold, temporarily or permanently, specific information that he/she does not want disclosed to 
other organizations or individuals. 

• Patient can demand information from a healthcare provider on the details of disclosures performed on 
the patient’s medical records for any reason whatsoever. When demanded, following details are to be 
provided for each instance of disclosure: 

• Date of the disclosure 

• Name and address of the entity or person who received the information 

• Brief description of the medical information disclosed 

• Brief summary of the purpose of the disclosure 

DENIAL OF INFORMATION 

Healthcare provider will be able to deny information to a patient or representative or third party, in 
contravention of normal regulations, if in the opinion of a licensed healthcare professional the release of 
information would endanger the life or safety of the patients and others. This will include but not be limited 
to as follows: 
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• Information obtained from an anonymous source under a promise of confidentiality. 

• Psychotherapy notes. 

• Information compiled for civil, criminal or administrative action. 

ELECTRONIC MEDICAL RECORDS PRESERVATION 

Preservation of medical records assume significant importance in view of the fact that an electronic health 
record of a person is an aggregation of all electronic medical records of the person from the very first entry 
to the most recent one. Hence, all records must compulsorily be preserved and not destroyed during the life¬ 
time of the person, ever. 

Upon the demise of the patient where there are no court cases pending, the records can be removed from 
active status and turned to inactive status. HSPs are free to decide when to make a record inactive, however, 
it is preferable to follow the "three (3) year rule" where all records of a deceased are made inactive three (3) 
years after death. 

It is however preferred, and the HSPs are strongly encouraged to ensure, that the records are never be 
destroyed or removed permanently. The health of the blood relatives and natural descendants of the person 
can be strongly influenced by the health of the person and on-demand access to these may prove to be hugely 
useful in the maintenance of the health of the relations. 

Furthermore, analysis of health data of all persons is expected to greatly benefit in the understanding of 
health, disease processes and the amelioration thereof. 

With rapid decline in costs of data archiving coupled with the ability to store increasing amounts of data that 
may be readily accessible, continued maintenance of such data is not expected to lead to any major impact 
on the overall system maintenance and use. 

PATIENT IDENTIFYING INFORMATION 

Data are "individually identifiable" if they include any of the under mentioned identifiers for an individual or 
for the individual's employer or family member, or if the provider or researcher is aware that the information 
could be used, either alone or in combination with other information, to identify an individual. These 
identifiers are as follows: 

• Name 

• Address (all geographic subdivisions smaller than street address, and PIN code] 

• All elements (except years] of dates related to an individual (including date of birth, date of death, etc.] 

• Telephone, cell (mobile] phone and/or Fax numbers 

• Email address 

• Bank Account and/or Credit Card Number 

• Medical record number 

• Health plan beneficiary number 
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• Certificate/license number 

• Any vehicle or other any other device identifier or serial numbers 

• PAN number 

• Passport number 

• AADHAAR card 

• Voter ID card 

• Fingerprints/Biometrics 

• Voice recordings that are non-clinical in nature 

• Photographic images and that possibly can individually identify the person 

• Any other unique identifying number, characteristic, or code 

APPLICABLE LEGISLATION 

The existing Indian laws including IT Act 2000 and their amendments from time to time would prevail, 
f http://deity, gov.in/content/information-technology-act-2000 1. 
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Data Privacy and Security 

SECURITY OF ELECTRONIC HEALTH INFORMATION: 

The Privacy Standards and the Security Standards are necessarily linked. Any health record system requires 
safeguards to ensure that the data is available when needed and that the information is not used, disclosed, 
accessed, altered, or deleted inappropriately while being stored or retrieved or transmitted. The Security 
Standards work together with the Privacy Standards to establish appropriate controls and protections. 
Health sector entities that are required to comply with the Privacy Standards must also comply with the 
Security Standards. 

Organizations must consider several factors when adopting security measures. How a healthcare provider 
satisfies the security requirements and which technology it decides to use are business decisions left to the 
individual organizations. In deciding what security measures to adopt, an organization must consider its size, 
complexity, and capabilities; it’s technical infrastructure, hardware, and software security capabilities; the 
cost of particular security measures; and the probability and degree of the potential risks to the ePHl it stores, 
retrieves and transmits. 

PURPOSE OF THE SECURITY STANDARDS 

The security standards require healthcare providers to implement reasonable and appropriate 
administrative, physical, and technical safeguards to: 

• ensure the confidentiality, integrity, and availability of all the e-PHl they create, transmit, receive, or 
maintain 

• protect against reasonably anticipated threats or hazards to the security or integrity of their e-PHl 

• protect against uses or disclosures of the e-PHl that are not required or permitted under the Privacy 
Standards 

• ensure their workforce will comply with their security policies and procedures 

SECURUTY TECHNICAL STANDARDS 

To protect the ePHl handles by a healthcare provider, the provider must implement technical safeguards as 
part of its security plan. Technical safeguards refer to using technology to protect ePHI by controlling access 
to it. Therefore, they must address the following standards, focusing on the functionalities thereof. It is worth 
noting that they will need to use an EHR/EMR solution that is able to successfully and robustly demonstrate 
the possession and working of these functionalities. 

The basic requirements for security and privacy are provided in following standard: 

1. 1SO/TS 14441:2013 Health Informatics - Security & Privacy Requirements of EHR Systems for Use in 
Conformity Assessment 
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Authentication: 

• Locally within the system the fact that a person or entity seeking access to electronic health 
information is indeed the one as claimed and is also authorized to access such information must be 
verifiable. 

• Across the network, however extensive it might be, the fact that a person or entity seeking access to 
electronic health information across a network is the one claimed and is authorized to access such 
information in accordance with the standard specified in this document must be verifiable. 

Automatic log-off: An electronic session after a predetermined time of inactivity must be forcibly 
terminated. To log in back, the user will have to initiate a new log in session. However, for the sake of 
ergonomics, it is recommended that the unsaved state of the system at the time of automatic log-off be saved 
and presented back to the user for further action. This should be a user-specific feature. 

The advisory standard for overall information security management in health is: 

2. ISO 27799 Health informatics - Information Security Management in Health using ISO/IEC 27002 

Implementation Guideline: The ISO 27799 is provided as a basic advisory standard for security management. 
Other security management and standard / practices / guidelines given by Law (such as IT Act 2000 and 
amendments) or regulatory / statutory / certification bodies (such as National Accreditation Board for 
Hospitals & Health care Providers (NABH)) should be taken in consideration when designing and/or 
implementing health record system. 

Access control: The solution must assign a unique name and/or number for identifying and tracking user 
identity and establish controls that permit only authorized users to access electronic health information. In 
cases of emergency where access controls need to be suspended in order to save a life, authorized users (who 
are authorized for emergency situations) will be permitted to have unfettered access electronic health 
information for the duration of the emergency with the access remaining in force during the validity of the 
emergency situation. 

Access Privileges: Ideally only clinical care providers should have access rights to a person’s clinical records. 
However, different institutional care providers have widely varying access privileges specified that are 
institution-specific. No country-wide standards can be specified for this at least at this point in time. 

For privilege management and access control, following standards may be used: 

3. ISO 22600:2014 Health informatics - Privilege Management and Access Control (Part 1 through 3) 

Implementation Guideline: The ISO 22600 set of standards is provided as an advisory standard for policy 
based access control. For the purpose of privilege management, rule / policy based access is expected to give 
better control and flexibility in defining and enforcing access control. Access control mechanisms such as 
Role Based, Policy Based, or singular user (applicable in case of mobile based PHR) are acceptable as long as 
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conformant to applicable data security law(s) and rules as well as policy of the organization where 
implemented. 


Audit log: 

• All actions related to electronic health information in accordance with the standard specified in this 
document including viewing should be recorded. 

• All actions based on user-defined events must be recorded. 

• All or a specified set of recorded audit information, upon request or at a set period of time, must be 
electronically displayed or printed for user/administrative review. 

• All actions related to electronic health information must be recorded with the date, time, record 
identification, and user identification whenever any electronic health information is created, modified 
(non-clinical data only), deleted (stale and non-clinical data only), or printed; and an indication of 
which action(s) took place must also be recorded. 

• A cross-enterprise secure transaction that contains sufficient identity information such that the 
receiver can make access control decisions and produce detailed and accurate security audit trails 
should be preferably used within the system. 


The advisory standard for audit trail / log in health record system is: 

4. ISO 27789:2013 Health informatics - Audit Trails for Electronic Health Records 


Integrity: 

• During data transit the fact that the electronic health information has not been altered in transit in 
accordance with the standard specified in this document must be verifiable. 

• Detection of events - all alterations and deletions of electronic health information and audit logs, in 
accordance with the standard specified in this document must be detected. 

• Appropriate verification that electronic health information has not been altered in transit shall be 
possible at any point in time. A secure hashing algorithm must be used to verify that electronic health 
information has not been altered in transit and it is recommended that the Secure Hash Algorithm 
(SHA) used must be SHA-256 or higher. 

Encryption: 

• Generally, all electronic health information must be encrypted and decrypted as necessary according to 
organization defined preferences in accordance with the best available encryption key strength 
(minimum 256-bits key). 


Page 26 





259 


File No. Q-11011 /2/2016-eGov (Computer No. 3062309 ) 
Receipt No : 374585/2016/MOHFW 


DATA PRIVACY AND SECURITY 


• During data exchange all electronic health information must be suitably encrypted and decrypted 
when exchanged in accordance with an encrypted and integrity protected link. 

• Secure Transmission standards and mechanisms must be used to allow access to health information as 
well as transmit data from one application / site to another. For this purpose HTTPS, SSL v3.0, and TLS 
vl.2 standards should be used. Please refer to relevant IETF, IEEE, ISO, and FIPS standards for same. 

Digital Certificates: 

Use of Digital Certificates for identification and digital signing is recommended in health record system. 
Health record system must use following standard where digital certificates are used: 

5. ISO 17090 Health informatics - Public Key Infrastructure (Part 1 through 5) 

ADMINISTRATIVE SAFEGUARDS STANDARDS 

The Administrative Safeguards require healthcare providers to develop and implement a security 
management process that includes policies and procedures that address the full range of their security 
vulnerabilities. Being administrative in nature, these need to be internally designed and developed as 
standard operating procedure (SOP) that must be published for all users to see and adhere to. Conformance 
to adherence may be delegated to the Privacy Officer detailed in the Data Ownership chapter above. To 
comply with the Administrative Safeguards, a healthcare provider must implement the following standards. 

• The security management process standard, to prevent security violations; 

• Assigned security responsibility, to identify a security officer; 

• Workforce security, to determine e-PHI user access privileges; 

• Information access management, to authorize access to e-PHI; 

• Security awareness training, to train staff members in security awareness; 

• Security incident procedures, to handle security incidents; 

• Contingency plan, to protect e-PHI during an unexpected event; and 

• Evaluation, to evaluate an organization's security safeguards. 

PHYSICAL SAFEGUARDS STANDARDS 

Physical safeguards are security measures to protect a healthcare provider’s electronic information systems, 
related equipment, and the buildings housing the systems from natural and environmental hazards, and 
unauthorized intrusion. Healthcare providers must fulfill the following standards. However, since most of 
the implementation specifications in this category are addressable, healthcare providers have the flexibility 
in determining how to comply with the requirements as long as these are internally designed and developed 
as per the relevant SOP and published for all users to see and adhere to. Conformance to adherence may be 
delegated to the Privacy Officer detailed in the Data Ownership chapter above. 

The required physical standards are: 
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• The facility access control standard, to limit actual physical access to electronic information systems 
and the facilities where they're located; 

• The workstation use standard, to control the physical attributes of a specific workstation or group of 
workstations, to maximize security; 

• The workstation security standard, to implement physical safeguards to deter the unauthorized access 
of a workstation; and 

• The device and media controls standard, to control the movement of any electronic media containing 
ePHl from, to or within the facility. 
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Glossary 

The various terms, including acronyms, are explained from a conceptual point and may not be the formal 
definitions. 

ADSL (Asymmetric Digital Subscriber Line): A type of DSL that uses copper telephone lines to transmit data 
faster than a traditional modem. ADSL only works within short distances because it uses high frequencies 
with short signals. 

Allergy List: This is a list of all the patient’s allergies. 

Allopathic, Allopathy: Defined as relating to or being a system of medicine that aims to combat disease by 
using remedies (as drugs or surgery) which produce effects that are different from or incompatible with 
those of the disease being treated 

Ambulatory care: Any medical care delivered on an outpatient basis. 

ANM: Auxiliary Nurse Midwife 

Archetype: Basically an information model, it is a computable expression of a domain content model in the 
form of structured constraint statements, based on a reference (information) model. Within the openEHR 
paradigm, archetypes are based on the openEHR reference model. Archetypes are all expressed in the same 
formalism. In general, they are defined for wide re-use, however, they can be specialized to include local 
particularities. They can accommodate any number of natural languages and terminologies. 

Artefact: An object made by a human being, typically one of cultural or historical interest. In healthcare IT 
context, an artefact is any item such as a document, file or drawing, etc. that is generated for use as a reference 
material or inside a system. 

ASHA: Accredited Social Health Activist is usually a literate 25 - 45 year old married/ widowed/ divorced 
lady selected from the village itself and accountable to it and trained to work as an interface between the 
community and the public health system. This is position is one of the key components of the National Rural 
Health Mission aimed at providing every village in the country with a trained female community health 
activist 

ATC: Anatomical Therapeutic Chemical Classification System, controlled by the WHO Collaborating Centre 
for Drug Statistics Methodology (WHOCC), is used for drug classification. 

Authentication: The verification of the identity of a person or process. 

Authorization: Any document designating any permission. Authorization or waiver of authorization for the 
use or disclosure of identifiable health information for research (among other activities) is required. The 
authorization must indicate if the health information used or disclosed is existing information and/or new 
information that will be created. The authorization form may be combined with the informed consent form, 
so that a patient need sign only one form. An authorization must include the following specific elements: a 
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description of what information will be used and disclosed and for what purposes; a description of any 
information that will not be disclosed, if applicable; a list of who will disclose the information and to whom 
it will be disclosed; an expiration date for the disclosure; a statement that the authorization can be revoked; 
a statement that disclosed information may be re-disclosed and no longer protected; a statement that if the 
individual does not provide an authorization, she/he may not be able to receive the intended treatment; the 
subject’s signature and date. 

AYUSH: Ayurveda, Yoga, Unani, Siddha and Homeopathy. Falls under the broad category of Indian Systems of 
Medicines and Homoeopathy (ISM&H) governed by Ministry of Health and Family Welfare, Government of 
India 

[C] 

CCD (Continuity of Care Document): A joint effort of HL7 International and ASTM. CCD fosters 
interoperability of clinical data by allowing physicians to send electronic medical information to other 
providers without loss of meaning and enabling improvement of patient care. CCD is an implementation 
guide for sharing Continuity of Care Record (CCR) patient summary data using the HL7 Version 3 Clinical 
Document Architecture (CDA), Release 2. It establishes a rich set of templates representing the typical 
sections of a summary record, and these same templates for vital signs, family history, plan of care, and so 
on can then be used for establishing interoperability across a wide range of clinical use cases. 

CDT: Common Dental Terminology 

Chain of Trust Agreement: A contract needed to extend the responsibility to protect health care data across 
a series of sub-contractual relationships. 

Chief Complaint (CC), Reason for Consultation (RFC), Reason of Visit (ROV): for recording a patient’s disease 
symptoms. 

Client/Server Architecture: An information-transmission arrangement, in which a client program sends a 
request to a server. When the server receives the request, it disconnects from the client and processes the 
request. When the request is processed, the server reconnects to the client program and the information is 
transferred to the client. This usually implies that the server is located on site as opposed to the ASP 
(Application Server Provider) architecture. 

Clinical Care Provider: Personnel or entities directly related to providing clinical care to patient. 

Clinical Data Repository (CDR): A real-time database that consolidates data from a variety of clinical sources 
to present a unified view of a single patient. It is optimized to allow clinicians to retrieve data for a single 
patient rather than to identify a population of patients with common characteristics or to facilitate the 
management of a specific clinical department. 

Clinical Decision Support System (CDSS): A clinical decision support system (CDSS) is software designed to 
aid clinicians in decision making by matching individual patient characteristics to computerized knowledge 
bases for the purpose of generating patient-specific assessments or recommendations. 
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Clinical Establishment: Clinical establishment means (1) a hospital, maternity home, nursing home, 
dispensary, clinic, sanatorium or an institution by whatever name called that offers services, facilities 
requiring diagnosis, treatment or care for illness, injury, deformity, abnormality or pregnancy in any 
recognized system of medicine established and administered or maintained by any person or body of 
persons, whether incorporated or not; or (2) a place established as an independent entity or part of an 
establishment referred to above, in connection with the diagnosis or treatment of diseases where 
pathological, bacteriological, genetic, radiological, chemical, biological investigations or other diagnostic or 
investigative services with the aid of laboratory or other medical equipment, are usually carried on, 
established and administered or maintained by any person or body of persons, whether incorporated or not. 
(Clinical Establishment Act - CEA 2010) 

Clinical Guidelines (Protocols): Clinical guidelines are recommendations based on the latest available 
evidence for the appropriate treatment and care of a patient’s condition. 

Clinical Messaging: Communication of clinical information within the electronic medical record to other 
healthcare personnel. 

Coded Data: Data are separated from personal identifiers through use of a code. As long as a link exists, data 
are considered indirectly identifiable and not anonymous or anonymized. 

Code Set: Any set of codes used to encode data elements, such as tables of terms, medical concepts, medical 
diagnostic codes, or medical procedure codes. This includes both the codes and their descriptions. 

Coding: A mechanism for identifying and defining physicians’ and hospitals’ services. Coding provides 
universal definition and recognition of diagnoses, procedures and level of care. Coders usually work in 
medical records departments and coding is a function of billing. Medicare fraud investigators look closely at 
the medical record documentation, which supports codes and looks for consistency. Lack of consistency of 
documentation can earmark a record as "up-coded" which is considered fraud. A national certification exists 
for coding professionals and many compliance programs are raising standards of quality for their coding 
procedures. 

Computer-Based Patient Record (CPR): A term for the process of replacing the traditional paper-based chart 
through automated electronic means; generally includes the collection of patient-specific information from 
various supplemental treatment systems, i.e., a day program and a personal care provider; its display in 
graphical format; and its storage for individual and aggregate purposes. CPR is also called "digital medical 
record” or "electronic medical record”. 

Computerized Patient Record (CPR): Also known as an EMR or EHR.A patient's past, present, and future 
clinical data stored in a server. 

Computerized Physician Order Entry (CPOE): A system for physicians to electronically order labs, imaging 
and prescriptions 
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CPT (Current Procedural Terminology] Code: A recognizable five-digit number used to represent a service 
provided by a healthcare provider. It is a manual that assigns five digit codes to medical services and 
procedures to standardize claims processing and data analysis. The coding system for physicians’ services 
developed by the CPT Editorial Panel of the American Medical Association. 

[D] 

Data Content: All the data elements and code sets inherent to a transaction, and not related to the format of 
the transaction. 

Data: This is factual information (as measurements or statistics] used as a basis for reasoning, discussion, or 
calculation. It additionally points to the information output by a sensing device or organ that includes both 
useful and irrelevant or redundant information and must be processed to be meaningful. 

Database Management System (DBMS]: The separation of data from the computer application that allows 
entry or editing of data. 

D1COM (Digital Imaging and Communications in Medicine]: Digital Imaging and Communications in 
Medicine (DICOM] is a standard to define the connectivity and communication between medical imaging 
devices. 

Disease Management: A type of product or service now being offered by many large pharmaceutical 
companies to get them into broader healthcare services. Bundles use of prescription drugs with physician 
and allied professionals, linked to large databases created by the pharmaceutical companies, to treat people 
with specific diseases. The claim is that this type of service provides higher quality of care at more reasonable 
price than alternative, presumably more fragmented, care. The development of such products by hugely 
capitalized companies should be the entire indicator necessary to convince a provider of how the healthcare 
market is changing. Competition is coming from every direction—other providers of all types, payers, 
employers who are developing their own in-house service systems, the drug companies. 

Document Imaging: Is a process of converting paper documents into an electronic format usually through a 
scanning process. 

Document Management: The Document Manager allows the medical institution to store vital patient 
documents such as X-Ray’s, Paper Reports, and Lab Reports etc. 

Documentation: The process of recording information. 

DOHAD: Developmental Origins of Health and Diseases 

Drug Formulary: Varying lists of prescription drugs approved by a given health plan for distribution to a 
covered person through specific pharmacies. Health plans often restrict or limit the type and number of 
medicines allowed for reimbursement by limiting the drug formulary list. The list of prescription drugs for 
which a particular employer or State Medicaid program will pay. Formularies are either "closed," including 
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only certain drugs or "open," including all drugs. Both types of formularies typically impose a cost scale 
requiring consumers to pay more for certain brands or types of drugs. See also Formulary. 

Drug Formulary Database: This EMR feature is used for electronic prescribing, electronic medical record 
(EMR), and computerized physician order entry (CPOE) systems to present formulary status to the provider 
while during the prescribing decision. 

DSM: Diagnostic and Statistical Manual for Mental Diseases 

[E] 

EDI: Acronym for Electronic Data Interchange. Electronic communication between two parties, generally for 
the filing of electronic claims to payers. 

EDI Translator: Used in electronic claims and medical record transmissions, this is a software tool for 
accepting an EDI transmission and converting the data into another format, or for converting a non-EDI data 
file into an EDI format for transmission. See also Electronic Data Interchange. 

EHR/EMR System Designer, Developer, Manufacturer, Vendor, Supplier, Retailer, Re-seller: Any entity that is 
involved in the design, development, testing, manufacturing, supplying, selling including re-selling of 
Electronic Health Records or Electronic Medical Records Systems as a whole or part thereof. 

Electronic Data Interchange (EDI): The automated exchange of data and documents in a standardized format. 
In health care, some common uses of this technology include claims submission and payment, eligibility, and 
referral authorization. This refers to the exchange of routine business transactions from one computer to 
another in a standard format, using standard communications protocols. 

Electronic Health Records (EHR): The one or more repositories, physically or virtually integrated, of 
information in computer processable form, relevant to the wellness, health and healthcare of an individual, 
capable of being stored and communicated securely and of being accessible by multiple authorized users, 
represented according to a standardized or commonly agreed logical information model. Its primary purpose 
is the support of life-long, effective, high quality and safe integrated healthcare. [ISO 18308:2011] 

Electronic Medical Records (EMR): The EMR could be considered as special case of the EHR, restricted in 
scope to the medical domain or at least very much medically focused [1SO/TR 20514], The Japanese 
Association of Healthcare Information Systems (JAHIS) has defined a five-level hierarchy of the EMR; 
Departmental EMR: contains a patient’s medical information entered by a single hospital department (e.g. 
pathology, radiology, pharmacy); Inter-departmental EMR: contains a patient’s medical information from 
two or more hospital departments; Hospital EMR: contains a patient’s clinical information from a particular 
hospital; Inter-hospital EMR: contains a patient’s medical information from two or more hospitals; EHR: 
longitudinal collection of health information from all sources. [Classification of EMR systems, JAHIS, VI.1, 
Mar 1996] 

Electronic Protected Health Information (ePHI): Electronic Protected Health Information (ePHI) is any 
protected health information (PHI) that is created, stored, transmitted, or received electronically. Electronic 
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protected health information includes any medium used to store, transmit, or receive PHI electronically. The 
following and any future technologies used for accessing, transmitting, or receiving PHI electronically are 
covered. Media containing data at rest (data storage) like personal computers with internal hard drives used 
at work, home, or traveling, external portable hard drives, including iPods and similar devices, magnetic tape, 
removable storage devices, such as USB memory sticks, CDs, DVDs, and floppy disks, PDAs and smartphones 
and data in transit, via wireless, Ethernet, modem, DSL, or cable network connections, Email, File transfer. 
(For Protected Health Information - PHI, please see below) 

Encounter: A clinical encounter is defined by ASTM as "(1) an instance of direct provider/practitioner to 
patient interaction, regardless of the setting, between a patient and a practitioner vested with primary 
responsibility for diagnosing, evaluating or treating the patient’s condition, or both, or providing social 
worker services. (2) A contact between a patient and a practitioner who has primary responsibility for 
assessing and treating the patient at a given contact, exercising independent judgment." Encounter serves 
as a focal point linking clinical, administrative and financial information. Encounters occur in many different 
settings — ambulatory care, inpatient care, emergency care, home health care, field and virtual (telemedicine). 

Episode: An episode of care consists of all clinically related services for one patient for a discrete diagnostic 
condition from the onset of symptoms until the treatment is complete 
[http://www.ncmedsoc.org/non_members/pai/PAI-FinalWorkbookforVideo.pdf] Thus, for every new 
problem or set of problems that a person visits his clinical care provider, it is considered a new episode. 
Within that episode the patient will have one or many encounters with his clinical care providers till the 
treatment for that episode is complete. Even before the resolution of an episode, the person may have a new 
episode that is considered as a distinctly separate event altogether. Thus, there may be none, one or several 
ongoing active episodes. All resolved episodes are considered inactive. Hence they become part of the 
patient's past history. A notable point here is that all chronic diseases are considered active and may never 
get resolved during the life-time of the person, e.g., diabetes mellitus, hypertension, etc. 

EPR: Broadly defined, a personal health record is the documentation of any form of patient information- 
including medical history, medicines, allergies, visit history, or vaccinations-that patients themselves may 
view, carry, amend, annotate, or maintain. Today, when we refer to PHRs, we typically mean an online 
personal health record-which may variously be referred to as an ePHR, an Internet PHR, an Internet medical 
record, or a consumer Internet Medical Record (CIMR). Generally, such records are maintained in a secure 
and confidential environment, allowing only the individual, or people authorized by the individual, to access 
the medical information. Not all electronic PHRs are Internet PHRs. PC-based PHRs may be set up to capture 
medical information offline. 

Evidence Based Medicine: Evidence-based medicine (EBM) is the integration of best research evidence with 
clinical expertise to aid in the diagnosis and management of patients. 

[F] 

Family History: A list of the patient’s family medical history including the chronic medical problems of 
parents, siblings, grandparents, etc. 
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FHIR: Fast Flealth Interoperable Resources, the newest version from HL7 org for messaging. 

Formatting and Protocol Standards: Data exchange standards which are needed between CPR systems, as 
well as CPT and other provider systems, to ensure uniformity in methods for data collection, data storage 
and data presentation. Proactive providers are current in their knowledge of these standards and work to 
ensure their information systems conform to the standards. 

Formulary: An approved list of prescription drugs; a list of selected pharmaceuticals and their appropriate 
dosages felt to be the most useful and cost effective for patient care. Organizations often develop a formulary 
under the aegis of a pharmacy and therapeutics committee. In HMOs, physicians are often required to 
prescribe from the formulary. See also Drug Formulary. 

[G] 

Growth Chart: A feature for a Primary Care or EMR that can be used for pediatric patients. Age, height, weight, 
and head measurements can be entered over the patient's lifetime, and the feature creates a line graph. 

[H] 

Health Care Operations: Institutional activities that is necessary to maintain and monitor the operations of 
the institution. Examples include but are not limited to: conducting quality assessment and improvement 
activities; developing clinical guidelines; case management; reviewing the competence or qualifications of 
health care professionals; education and training of students, trainees and practitioners; fraud and abuse 
programs; business planning and management; and customer service. Under the H1PAA Privacy Rule, these 
are allowable uses and disclosures of identifiable information "without specific authorization." Research is 
not considered part of health care operations. 

Health Care, Healthcare: Care, services, and supplies related to the health of an individual. Health care 
includes preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, and counseling, 
among other services. Healthcare also includes the sale and dispensing of prescription drugs or devices. 

Health Information: Information in any form (oral, written or otherwise) that relates to the past, present or 
future physical or mental health of an individual. That information could be created or received by a health 
care provider, a health plan, a public health authority, an employer, a general health insurer, a school, a 
university or a health care clearinghouse. 

Health Level Seven (HL7): A data interchange protocol for health care computer applications that simplifies 
the ability of different vendor-supplied IS systems to interconnect. Although not a software program in itself, 
HL7 requires that each healthcare software vendor program HL7 interfaces for its products. The organization 
is one of the American National Standards Institute accredited Standard Developing Organization (SDO) - 
Health Level 7 domain is the standards for electronic interchange of clinical, financial and administrative info 
among healthcare oriented computer systems. Is a not-for-profit volunteer organization. It develops 
specifications, most widely used is the messaging standard that enables disparate health care applications 
to exchange key sets of clinical and administrative data. It promotes the use of standards within and among 
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healthcare organizations to increase the effectiveness and efficiency of healthcare delivery. It is an 
international community of healthcare subject matter experts and information scientists collaborating to 
create standards for the exchange, management and integration of electronic healthcare information. 

Health: The state of complete physical, mental, and social well-being and not merely the absence of disease 
or infirmity. It is recognized, however, that health has many dimensions (anatomical, physiological, and 
mental) and is largely culturally defined. The relative importance of various disabilities will differ depending 
upon the cultural milieu and the role of the affected individual in that culture. Most attempts at measurement 
have been assessed in terms or morbidity and mortality. 

Healthcare provider: A health care provider is an individual or an institution that provides preventive, 
curative, promotional or rehabilitative health care services in a systematic way to individuals, families or 
communities. An individual health care provider may be a health care professional, an allied health 
professional, a community health worker, any or other person trained and knowledgeable in medicine, 
nursing or other allied health professions, or public/community health workers like, ASHA, ANM, midwives, 
paramedical staff, OT/lab/radio-diagnostic technicians, etc. An institution will include hospitals, clinics, 
primary care centers and other service delivery points of health care individual clinics, polyclinics, diagnostic 
centers, etc., i.e., any place where a medical record is generated during a patient-care provider encounter (in 
conformance to CEA 2010 - please refer to Clinical Establishment item above). It must be noted that any 
person solely performing non-clinical work is not a care provider. 

Healthcare Service Provider (HSP): see Healthcare provider 

History of Present Illness (HP1): The HP1 is the history of the patient’s chief complaint. 

Human Subject: Refers to a living subject participating in research about whom directly or indirectly 
identifiable health information or data are obtained or created. 

Hybrid Record: Term used for when a provider uses a combination of paper and electronic medical records 
during the transition phase to EMR. 

[I] 

IOD: Information Object Definition, pertains to D1COM 

Independent Software Vendor (ISV): A company specializing in making or selling software products that runs 
on one or more computer hardware or operating system platforms. 

Immunization: A complete list of all immunizations that the patient has had. 

Informatics: The application of computer technology to the management of information. 

Integration: Integration allows for secure communication between enterprise applications. 

Interface: A means of communication between two computer systems, two software applications or two 
modules. Real time interface is a key element in healthcare information systems due to the need to access 
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patient care information and financial information instantaneously and comprehensively. Such real time 
communication is the key to managing health care in a cost effective manner because it provides the 
necessary decision-making information for clinicians, providers, other stakeholders, etc. 

International Classification of Diseases: This is the universal coding method used to document the incidence 
of disease, injury, mortality and illness. A diagnosis and procedure classification system designed to facilitate 
collection of uniform and comparable health information. The ICD-9-CM was issued in 1979. This system is 
used to group patients into DRGs, prepare hospital and physician billings and prepare cost reports. 
Classification of disease by diagnosis codified into six-digit numbers. See also coding. 

International Health Terminology Standards Development Organization (1HTSDO]: Denmark-based 
organization that maintains and licenses SNOMED codes worldwide. 

Interoperability: The capability to provide successful communication between end-users across a mixed 
environment of different domains, networks, facilities and equipment. 

ISP: Internet Service Provider 

ISV (Independent Software Vendor): An independent software vendor (1SV) is a company specializing in 
making or selling software, designed for mass or niche markets. This typically applies for application-specific 
or embedded software, from other software producers. 

[J] 

J-Codes: A subset of the HCPCS Level II code set with a high-order value of "J” that has been used to identify 
certain drugs and other items. 

[L] 

LAN (Local Area Network): A LAN supplies networking capability to a group of computers in close proximity 
to each other such as in an office building, a school, or a home. 

Legacy System Integration: The integration of data between a legacy system and some other software 
program most commonly using HL-7 standards. 

Legacy Systems: Computer applications, both hardware and software, which have been inherited through 
previous acquisition and installation. Most often, these systems run business applications that are not 
integrated with each other. Newer systems which stress open design and distributed processing capacity are 
gradually replacing such systems. 

Length of Stay (LOS): The duration of an episode of care for a covered person. The number of days an 
individual stays in a hospital or inpatient facility. May also be reviewed as Average Length of Stay (ALOS). 

LEPR (Longitudinal Patient Record): Longitudinal Patient Record is an EHR that includes all healthcare 
information from all sources. 

[M] 
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Management Information System (MIS): The common term for the computer hardware and software that 
provides the support of managing the plan. 

Master Patient / Member Index: An index or file with a unique identifier for each patient or member that 
serves as a key to a patient’s or member’s health record. 

Maximum Defined Data Set: All of the required data elements for a particular standard based on a specific 
implementation specification. An entity creating a transaction is free to include whatever data any receiver 
might want or need. The recipient is free to ignore any portion of the data that is not needed to conduct their 
part of the associated business transaction, unless the inessential data is needed for coordination of benefits. 

MCI: Medical Council of India 

Medical Code Sets: Codes that characterize a medical condition or treatment. These code sets are usually 
maintained by professional societies and public health organizations. Compare to administrative code sets. 

Medical Informatics: Medical informatics is the systematic study, or science, of the identification, collection, 
storage, communication, retrieval, and analysis of data about medical care services to improve decisions 
made by physicians and managers of health care organizations. Medical informatics will be as important to 
physicians and medical managers as the rules of financial accounting are to auditors. 

Medical Management Information System (MMIS): A data system that allows payers and purchasers to track 
health care expenditure and utilization patterns. It may also be referred to as Health Information System 
(HIS), Health Information Management (HIM) or Information System (IS). See also Electronic Medical Record 
(EMR). 

Metadata and Date Standard (MDDS) - A set of data elements and their specification for use in certain 
domain, such as health, e-governance. 

MIMS: Monthly Index of Medical Specialties 

Minimum Data Set: The minimum set of data elements that must be captured, stored, made available for 
retrieval, presentation, relay and sharing by an EHR system. It comprises of all of the essential data elements 
required for implementation. An entity creating a transaction must include the mandatory data elements at 
all times and is free to exclude optional data elements. The entity is free to additionally include whatever 
other data elements that any receiver might want or need. The recipient is free to ignore any portion of the 
data that is not mandatory and is further free to ignore any other portion of the data that is not needed to 
conduct their part of the associated transaction, unless required by sender, intermediaries or receiver. This 
minimum data set represents the most common data, and system designers are at liberty to add to it as they 
deem necessary to enrich or enhance their EHR systems. 

Modifier: Additional character of a code added to an existing code that is used to help in extending or 
localization of the existing code. 

[N] 
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NANDA: North American Nursing Diagnosis Association 

National Council for Prescription Drug Programs: An ANSI-accredited group that maintains a number of 
standard formats for use by the retail pharmacy industry. 

NEMA: The National Electrical Manufacturers Association (NEMA) is the association of electrical equipment 
and medical imaging manufacturers, founded in 1926 and headquartered in Rosslyn, Virginia. 

Non-Participating Physician (or Provider): A provider, doctor or hospital that does not sign a contract to 
participate in a health plan, usually which requires reduced rates from the provider. In the Medicare Program, 
this refers to providers who are therefore not obligated to accept assignment on all Medicare claims. In 
commercial plans, non-participating providers are also called out of network providers or out of plan 
providers. If a beneficiary receives service from an out of network provider, the health plan (other than 
Medicare) will pay for the service at a reduced rate or will not pay at all. 

[ 0 ] 

Open Access: A term describing a member’s ability to self-refer for specialty care. Open access arrangements 
allow a member to see a participating provider without a referral from another doctor. Health plan members’ 
abilities, rights or invitation to self refer for specialty care. Also called Open Panel. 

openEHR: openEHR is an open standard specification in health informatics that describes the management 
and storage, retrieval and exchange of health data in electronic health records (EHRs). In openEHR, all health 
data for a person is stored in a "one lifetime", vendor-independent, person-centered EHR. Maintained by the 
openEHR Foundation, these are based on a combination of years of European and Australian research and 
development into EHRs and new paradigms, including what has become known as the archetype 
methodology for specification of content and include information and service models for the EHR, 
demographics, clinical workflow and archetypes. They are designed to be the basis of a medico-legally sound, 
distributed, versioned EHR infrastructure. 

OR: Operating Room - synonymous to OT as below 

OT: Operation Theatre 

OTC: Over the counter (drugs). Refers to those drugs that are available off the shelf without any prescription 
or advice from a registered medical practitioner 

Outcome: A clinical outcome is the "change in the health of an individual, group of people or population 
which is attributable to an intervention or series of interventions”. (Taken from: Frommer, Michael; Rubin, 
George; Lyle, David (1992)."The NSW Health Outcomes program". New South Wales Public Health Bulletin 3: 
135. doi:10.1071/NB92067) 

Outpatient Care: Care given a person who is not bedridden. It is also called ambulatory care. Many surgeries 
and treatments are now provided on an outpatient basis, while previously they had been considered reason 
for inpatient hospitalization. Some say this is the fastest growing segment of healthcare 
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[P] 

Participating Physician: A primary care physician in practice in the payer’s managed care service area who 
has entered into a contract. 

Past History: A list of a patient’s past health problems, surgeries and specialists. 

Patient Demographics: All patient’s pertinent information such as first and last name, SSN, DOB, insurance, 
etc. 

Patient Portal: A secure web-based system that allows a patient to register for an appointment, schedule an 
appointment, request prescription refills, send and receive secure patient-physician messages, view lab 
results, pay their bills electronically, access physician directories. 

Patient: A person who is under medical care or treatment 

PC Based: A program designed to run on an individual PC. This typically means data is not shared in real time 
among other PCs (users). 

PCP: Primary care physician who often acts as the primary gatekeeper in health plans. That is, often the PCP 
must approval referrals to specialists. Particularly in HMOs and some PPOs, all members must choose or are 
assigned a PCP. 

PHR: A personal health record or PHR is typically a health record that is initiated and maintained by an 
individual. An ideal PHR would provide a complete and accurate summary of the health and medical history 
of an individual by gathering data from many sources and making this information accessible online. 

Picture Archive Communication System (PACS): Used by radiology and diagnostic imaging organizations to 
electronically manage information and images 

Practice Parameters, Practice Guidelines: Systematically developed statements to standardize care and to 
assist in practitioner and patient decisions about the appropriate health care for specific circumstances. 
Practice guidelines are usually developed through a process that combines scientific evidence of 
effectiveness with expert opinion. Practice guidelines are also referred to as clinical criteria, protocols, 
algorithms, review criteria, and guidelines. The American Medical Association defines practice parameters 
as strategies for patient management, developed to assist physicians in clinical decision-making. Practice 
parameters may also be referred to as practice options, practice guidelines, practice policies, or practice 
standards. 

Prescription Drug: Drug that the law says can only be obtained by prescription. 

Primary Care Physician: A "generalist” such as a family practitioner, pediatrician, internist, or obstetrician. 
In a managed care organization, a primary care physician is accountable for the total health services of 
enrollees including referrals, procedures and hospitalization. Also see Primary Care Provider. 
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Primary Care Provider: The provider that serves as the initial interface between the member and the medical 
care system. The PCP is usually a physician, selected by the member upon enrollment, who is trained in one 
of the primary care specialties who treats and is responsible for coordinating the treatment of members 
assigned to his/her plan. 

Primary Care: Basic or general health care usually rendered by general practitioners, family practitioners, 
internists, obstetricians and pediatricians who are often referred to as primary care practitioners or PCPs. 
Professional and related services administered by an internist, family practitioner, obstetrician-gynecologist 
or pediatrician in an ambulatory setting, with referral to secondary care specialists, as necessary. 

Principal Diagnosis: The medical condition that is ultimately determined to have caused a patient’s 
admission to the hospital. The principal diagnosis is used to assign every patient to a diagnosis related group. 
This diagnosis may differ from the admitting and major diagnoses. 

Privacy Standards: The Privacy standards restrict the use & disclosure of individually identifiable health 
information. Privacy standard applies to all protected health information may it is in physical or electronic 
form. 

Privacy: Privacy means an individual’s interest in limiting who has access to personal health care information. 
Specific patient authorization is required for use and disclosure of clinical notes. As per Fernando & Dawson, 
2009, privacy is control of access to private information avoiding certain kinds of embarrassment and can be 
shared or not shared with others; Only authorized (by the patient) people can view the recorded data or part 
thereof 

Progress Note: The documentation of a patient visit or encounter including all or part of the SOAP format. 

Protected health information (PHI): Any individually identifiable information whether oral or recorded in 
any form or medium that is created, or received by a health care provider, health plan or health care 
Healthcare provider and relates to past, present, or future physical or mental health conditions of an 
individual; the provision of health care to the individual; or past, present, or future payment for health care 
to an individual. 

[R] 

Real Time: The instantaneous sharing of data among a user group. It is common to a client/server database 
configuration. 

Reference Model (RM): 

Referral: Some insurance companies require that on specific plans a referral must be obtained for certain 
procedures or visits to specialists. The referral is acquired by the primary care physician (PCP) by contacting 
the insurance company by phone or mail. This is a request for the service. The referral consists of an 
authorization code, a number of visits allowed (if applicable) and an expiration date. 

Referring Provider: is the provider that referred the patient to a specialist or for a specific procedure. 


Page 41 





274 


File No. Q-11011 /2/2016-eGov (Computer No. 3062309 ) 
Receipt No : 374585/2016/MOHFW 


GLOSSARY 


Regenstrief: The Regenstrief Institute is an international non-profit medical research organization 
associated with Indiana University. It produces and maintains LOINC codes. 

Relational Database: A database program that stores data in a manner similar to Excel, with the difference 
being the data elements are related (linked] to each other. 

Remote Access: Data travels through a private, protected passage via the Internet, allowing healthcare 
providers to access from home or another practice location and allows EMR vendor to perform system 
maintenance off-site 

Rendering/Performing Provider: The provider actually treating the patient. 

Roles and Access Levels: The role and access level of the user needs to be determined and set by the system 
administrator. The role determines the access level. While roles may be such as system administrator, 
medical doctor, registered nurse, medical student, medical assistant, nurse assistant, ancillary nurse, health 
worker, Anganwadi worker (grass-root health worker], etc., the access levels may include viewing only, 
viewing/adding/editing only, viewing/adding/editing/deleting, all allowed etc. These need to be set out 
clearly in the SOP of the facility. 

ROS (Review of Systems]: A series of questions related to the system(s] that the patient is having complaints 
about (i.e. respiratory for cold symptoms], 

RxNorm: RxNorm is the name of a US-specific terminology in medicine that contains all medications 
available on US market; it provides normalized names for clinical drugs and links its names to many of the 
drug vocabularies commonly used in pharmacy management and drug interaction software. 


[S] 

Secondary Care: Services provided by medical specialists who generally do not have first contact with 
patients (e.g., cardiologist, urologists, dermatologists]. In the U.S., however, there has been a trend toward 
self-referral by patients for these services, rather than referral by primary care providers. This is quite 
different from the practice in England, for example, where all patients must first seek care from primary care 
providers and are then referred to secondary and/or tertiary providers, as needed. 

Security Standards: The Security Standards require measures to protect the confidentiality, integrity and 
availability of e-PHI while it’s being stored & exchanged. The security standard applies to all electronic PHI. 

Security: This refers to the methods and techniques adopted to protect privacy and are a defense mechanism 
from any attack (Hong et al., 2004] 

SNOMED: Systemized Nomenclature of Medicine Clinical Terms is the universal health care terminology. It is 
comprehensive and covers procedures, diseases, and clinical data. SNOMED CT helps to structure and 
computerize the medical record. It allows for a consistent way of indexing, storing, retrieving and aggregating 
clinical data across sites of care (i.e. hospitals, doctors offices] and specialties. By standardizing the 
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terminology, the variability in the way data is captured, encoded and used for clinical care of patients and 
research is reduced. Allows for more accurate reporting of data. It is currently available in English, Spanish 
and German. 

Social History: A description of a patient’s social habits and history including marital status, alcohol and drug 
use and exercise habits. 

Solo Practice, Solo Practitioner: A physician who practices alone or with others but does not pool income or 
expenses. This form of practice is becoming increasingly less common as physicians band together for 
contracting, overhead costs and risk sharing. 

SOP: Standard operating procedures or protocols 

SQL: Structured Query Language - is a computer language aimed to store, manipulate and retrieve data 
stored in relational databases. 

SDO: Standards Development Organization - an organization responsible for development and maintenance 
of a standard or several, usually run on a not-for-profit basis. 

Subjective: Section in a progress note where a patient’s account of their current problem is documented. 
Consists of chief complaint, HPI and ROS. 

Sx: Abbreviation for symptoms 


[T] 

Tl, T3 line: A high-speed internet connection provided via telephone lines often used by businesses needing 
internet connection speeds greater than DSL/Cable. 

Therapeutic Alternatives: Strong Drug products that provide the same pharmacological or chemical effect in 
equivalent doses. Also see Drug Formulary. 

TPA: Third Party Administrator 

Treatment Episode: The period of treatment between admission and discharge from a modality, e.g., 
inpatient, residential, partial hospitalization, and outpatient, or the period of time between the first 
procedure and last procedure on an outpatient basis for a given diagnosis. Many healthcare statistics and 
profiles use this unit as a base for comparisons. 

Treatment: The provision of health care by one or more health care providers. Treatment includes any 
consultation, referral or other exchanges of information to manage a patient’s care. 

[V] 

Vital Statistics: Statistics relating to births (natality), deaths (mortality), marriages, health, and disease 
(morbidity). Vital statistics for the United States are published by the National Center for Health Statistics. 
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Vital statistics can be obtained from CDC, state health departments, county health departments and other 
agencies. An individual patient’s vital statistics in a health care setting may also refer simply to blood 
pressure, temperature, height and weight, etc. 

VPN: Virtual Private Network - A VPN "tunnel” is a secure connection, typically firewall to firewall that 
provides for remote access to your data server. 

[W] 

WADO: Web Access to DICOM Object Service. 

WHO: The World Health Organization is a specialized agency of the United Nations that is concerned with 
international public health. 

[X] 

XML (Extensible Markup Language]: Used for defining data elements on a Web page and communication 
between two business systems. Example: Standard messaging system for and EMR to integrate with another 
software such as a practice management or drug formulary database. 
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CONTACT INFORMATION 


Contact Information 

The Director (eGov) 

e-Governance Division 

Department of Health & Family Welfare 

Ministry of Health & Family Welfare 
Government of India 

mohfw.nic.in 

Implementation specific queries may be referred to: 

National Release Center (NRC) 

HPC-Medical & Bioinformatics Application Group, 

Centre for Development of Advanced Computing (C-DAC) 

Savitribai Phule Pune University Campus 

Ganeshkhind Road 

Pune-411007 

Email: nrc-help@cdac.in 

http://www.snomedctnrc.in 
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EHR Standards for India Revised EHR Standards for 
2013 (Revisions) India 2016 


□ Demographic data to include MDDS specified from 
DietY for person details 


□ Identifier standards to be added to enable sharing 
of record across establishments 


□ SNOMED Clinical Terms (SNOMED CT) usage 
recommended for all clinical observations 


□ Logical Observation Identifiers Names and Codes 
(LOINC) recommended for lab tests 

□ WHO Family of International Classification (that 
includes ICD, ICF, and few others) to be used for 
reporting, epidemiological analysis etc. 


□ MDDS - Demographic (Person Identification and 
Land Region Codification) version 1.1 is specified in 
the revised document 

□ The following patient identifiers are specified in the 
revised document 

• UIDAI Aadhaar 
• Local Identifier 

• Government Issued Photo Identity Card Number 

□ A health record must use SNOMED CT as the 

primary encoding system for all clinically relevant, 
including dental, nursing, substance/drugs, 
information. 

□ LOINC must be used for processing results & reports 
with Lab and Imaging systems. 

□ WHOFIC including ICD, ICF, ICHI, ICD-0 codes 

mandated by health regulatory, intelligence, and 
various research bodies for statistical analysis for 
public health 
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EHR Standards for India 
2013 (Revisions) 



□ Minimum Data Set (MDS) section to be 
removed as it is non compliant with the 
recommended ISO 13606 standard 

□ Scanned documents standards to be introduced 


□ Security and Privacy standards to be indicated with 
clarity 


Revised EHR Standards for 
India 2016 



□ MDS section removed from the revised 
document. 

□ The following standards are included for the 
scanned or captured records: 

• Image: resolution 1024px x 768px at 300dpi 
• Audio/Video: ISO/IEC 14496 Audio-Visual Objects 
• Scanned Documents: ISO 19005-1 Electronic 
• Document File Format for Long-Term Preservation 

□ The following data privacy and security standards 
are included in the revised document: 

1. Security & Privacy Requirements of EHR Systems 

2. Information Security Management in Health 

3. Privilege Management and Access Control 

4. Audit trails for Electronic Health Records 

5. Secure Hash Algorithm (SHA) 

6. Minimum 256-bits key length 

7. HTTPS, SSL v3.0, and TLS vl.2 

8. Public Key Infrastructure (Part 1 through 5) 
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EHR Standards for India 
2013 (Revisions) 



□ List of supporting and complementing ISO 
standards to be streamlined 


Revised EHR Standards for 
India 2016 



□ List of Supporting / Complimenting Standards 
incorporated in the revised document: 

ISO 12967:2009 

ISO 13972:2015 

ISO 20301:2014 

ISO 21090:2011 

ISO 8601:2004 

ISO 13119:2012 

ISO 22857:2013 

ISO 21549-1:2013 

ISO TS 14265:2011 

ISO TS 27527:2010 


□ BIS , ISO and other SDO's to be mentioned for 
selection of standards 


□ Device integration standards to be specified 


□ Additional standards documented as a general rule, 
created or ratified by BIS , ISO and other Standard 
Development Organizations (SDOs) 

□ IEEE 11073 health informatics standards and 
related ISO standards for medical devices be 
followed as appropriate whenever any healthcare 
medical device is interfaced with the EMR system 
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EHR Standards for India Revised EHR Standards for 
2013 (Revisions) India 2016 


□ HL7 messaging standards to be streamlined to 
provide greater clarity 


□ E-prescription standards to be introduced 


□ Standards At A Glance section to be added to 
provide tabular list of standards 


□ Implementation guidelines section to be added for 
each of the standards 


□ Layout and general document format including the 
guidelines for hardware/software and data 
ownership to be reviewed 


The following standards are included: 

L J 1. ANSI/HL7 V2.8.2-2015 HL7 Standard Version 2.8.2 
- An Application Protocol for Electronic Data 
Exchange in Healthcare Environments 

2. ASTM/HL7 CCD Release 1 (basis standard ISO/HL7 
27932:2009) 

□ Pharmacy Practice Regulations, 2015 Notification 
No.14-148/ 2012- PCI as specified by Pharmacy 
Council of India included in the revised document 

□ Standards At A Glance section added to provide 
tabular list of standards and their intended 
applicable domain 

□ Implementation guidelines section added for each 
of the standards to help ISV's in implementation 
with the provided clarity 

□ Layout and general document format as well as the 
guidelines for hardware/software and data 
ownership are revised to provide greater clarity 
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Note No. #1 


10/06/2016 11:39 AM 


AMIT KUMAR-AD 
(AD) 


Note No. #2 


F. No Q.11011/2/2016-eGov 
FTS:3062309 


Subject: 


Revised EHR Standards reg. 


Ministry of Health and Family Welfare notified Electronic Health Record (EHR) 
Standards in September 2013 to encourage standardization, integration and 
electronic information exchange amongst the various healthcare providers. The 
EHR Standards document is living document and should be reviewed / updated 
periodically at a maximum of 24 months interval, as mentioned in the standards 
document. 


2. Accordingly, the updated and improvised EHR Standards were 

prepared in February, 2016 looking at the ever changing need of mass. As per 
the meeting held on 24 th February, 2016, JS (eGov) had desired that the 
improvised document should be uploaded on public domain with a view to elicit 
comments/views of the stakeholders including the general public. 


3. The comments of the general public were received. The draft EHR 

Standard Document has been revised by incorporating the relevant/ accepted 
comments by Shri B.S Bedi, Dr S B Bhattacharya and Shri Gaur Sunder. 


4. The same has been placed at 'F/A' for your kind perusal please. 


20/07/2016 3:39 PM 


AMIT KUMAR-AD 
(AD) 
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Note No. #3 

We may convene a meeting on EHR review committee to discuss the revised 
EHR standards document. 


File is submitted for seeking convenience of JS (e-Gov). 


25/07/2016 10:47 AM 


JITENDRA ARORA 
(DIR) 


Note No. #4 

3,00 pm on 8th August. 


29/07/2016 4:58 PM 


SUNIL SHARMA 
(JS) 


Note No. #5 


29/07/2016 5:28 PM 


JITENDRA ARORA 
(DIR) 


Note No. #6 


Subject: Minutes of the Fourth Meeting of the Electronic Health Record 
(EHR) Standards Review Committee held on 08th August 2016. 


Fourth meeting of EFIR review committee was held under the 
Chairmanship of Shri Sunil Sharma, Joint Secretary (eGov), MoFIFW on 8th 
August 2016 at 03.00 PM in room no. 249-A wing, Nirman Bhawan, MoFIFW. 
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2. The Minutes of the meeting prepared by the ePMU team are placed for 

your approval pleas. 


23/08/2016 4:38 PM 


ASHISH SHARMA-II(EGOV) 
(ASO) 


Note No. #7 

JS may kindly approve. 


24/08/2016 3:40 PM 


J1TENDRA ARORA 
(DIR) 


Note No. #8 


Approved. 


01/09/2016 2:41 PM 


SUNIL SHARMA 
(JS) 


Note No. #9 

MoM issues by mail. 


02/09/2016 10:00 AM 


JITENDRA ARORA 
(DIR) 


Note No. #10 

The Fourth meeting of EHR review committee was held under the 
Chairmanship of Shri Sunil Sharma, Joint Secretary (eGov), MoHFW on 8th 
August 2016. 

2. In the meeting, after detailed deliberation with the committee 

members. It has been decided to notify the EHR Standards 2016 recommended 
by the committee. 
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3. File is submitted for seeking approval of JS(eGov) for uploading the 

EHR Standards 2016 on Ministry's Website for information of various 
stakeholders and general public. 


02/09/2016 3:58 PM 


AMIT KUMAR-AD 
(AD) 


Note No. #11 

JS may kindly approve for notification of revised EHR standards 2016. 


02/09/2016 4:04 PM 


JITENDRA ARORA 
(DIR) 


Note No. #12 

As discussed with AD eGov certain changes are called for in the light of 
suggestions given by the EHR review committee. The file is returned accordingly. 


28/09/2016 7:18 PM 


SUNIL SHARMA 
(JS) 


Note No. #13 


Ministry of Health & Family Welfare (MoH&FW) notified the Electronic 
Health Record (EHR) Standards in September 2013 after obtaining approval of 
Hon'ble HFM . 


The set of standards given therein were chosen from the best available and used 
standards applicable to Electronic Health Records from around the world keeping 
in view their suitability and applicability in India. The Committee constituted to 
recommend the standards drew from experts, practitioners, government officials, 
technologists, and industry. The notified standards were not only supported by 
professional bodies, regulatory bodies, stakeholders, but various technical and 
social commentators as well as being a step in the right direction. MoH&FW 
moved ahead with facilitating the adoption, as next steps, and in last two years 
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the Ministry has made available standards like SNOMED CT free for use in 
country as well as appoint interim National Release Center (NRC) to handle this 
clinical terminology standard that is fast gaining widespread acceptance amongst 
the various healthcare IT stakeholder communities worldwide. 


2. At the time of notifying the standards in September 2013, it was 

understood that the standards themselves will continue to evolve over time. 
Consequently, it was accepted that the EHR document is a living document which 
will require revision from time to time. This becomes all the more necessary as 
understanding of those standards, their implementation and the expectations 
from the healthcare systems improve. 


Hence, MoH&FW constituted an expert group to review the earlier notified set of 
standards based on the experience and eyes firmly on the future. The set of 
standards provided herein represents the recommendations of the Expert 
Committee arrived at after deliberating on the various aspects of 
standardizations in healthcare record systems. The Committee also carefully 
examined the provisions of open standards and the guidelines as per the norms 
suggested by MeitY, Government of India and recommended the standards given 
later in the document. 


3. The draft of revised EHR standards as recommended by the Committee 
was put in Public Domain during March, 2016 for seeking comments/views. 


4. Thereafter, the Committee reviewed the suggestions/comments obtained 
and incorporated the same as relevant and appropriate in the final draft. Further 
a meeting of EHR review committee was held on 8th August, 2016 under the 
chairmanship of JS (eGov) to discuss these comments and the final draft. In the 
meeting the final draft of EHR Standards was approved for further perusal. 


5. In this regard, comparison of EHR standards notified in 2013 and present 
is placed on file (p.277-280/c) 


Being a policy document, kind approval of Hon'ble HFM is solicited 
before notifying the revised EHR Standards 2016 placed on file (p.230- 
276/c). 
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13/10/2016 3:09 PM 


JITENDRA ARORA 
(DIR) 


Note No. #14 


01/11/2016 4:39 PM 


SUNIL SHARMA 
(JS) 


Note No. #15 


01/11/2016 4:52 PM 


K B AGARWAL 
(AS) 

^tyltaily Signed 


Note No. #16 


04/11/2016 5:24 PM 


C K MISHRA 
(SECRETARY) 



Note No. #17 







File No. Q-11011 /2/2016-eGov (Computer No. 3062309 ) 


288 


23/12/2016 1:02 PM 

HFM(OFFICE OF HFM) 
(PS) 

Note No. #18 



23/12/2016 1:07 PM 

JAGAT PRAKASH NADDA(HFM) 

(HFM) 

yilgMy Signed 

Note No. #19 



29/12/2016 10:08 AM 

C K MISHRA 
(SECRETARY) 

Note No. #20 



29/12/2016 3:46 PM 

SUNIL SHARMA 
(JS) 

Note No. #21 



03/01/2017 10:38 AM 

JITENDRA ARORA 
(DIR) 

Note No. #22 



04/05/2017 2:49 PM 
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JITENDRA ARORA 
(DIR) 


Note No. #23 


07/06/2019 2:52 PM 


AMIT KUMAR-DD 
(DY.DIR) 


Note No. #24 


07/06/2019 2:54 PM 


ASHISH SHARMA-II(EGOV) 
(ASO) 


Note No. #25 


11/06/2019 11:33 AM 


JOGINDER PAL 
(US) 
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Government of India 
Ministry of Health and Family Welfare 

eGovernance Section 

******* 


Subject: Minutes of the Fourth Meeting of the Electronic Health Record (EHR) 

Standards Review Committee held on 08 th August 2016. 

Fourth meeting of EHR review committee was held under the Chairmanship of 
Shri Sunil Sharma, Joint Secretary (eGov), MoHFW on 8 th August 2016 in room no. 
249-A wing, Nirman Bhawan, MoHFW. List of Participants is placed at Annexure I. 

2. Shri Jitendra Arora, Director (eGov.), MoHFW welcomed the participants and 
briefed regarding the agenda of the meeting. Thereafter he requested Shri B S Bedi to 
make presentation covering (a) an analysis of the comments received from public 
domain on the Draft EHR Standards, 2016 and (b) final recommendations for EHR 
Standards 2016. 

3. Shri BS Bedi made a detailed presentation on the final recommendations for 
EHR Standards 2016 outlined after appropriate incorporation of the comments received 
from public domain on the Draft Standards. Further he mentioned that the revised Draft 
Standards were circulated to the Committee Members and the recommendations had 
been agreed upon by them. A copy of the presentation is provided at Annexure II. 

4. After the presentation, JS(eGov) requested the participants to share their 
views/observations, if any. 

5. The comments from DeitY were discussed during the meeting as mentioned by 
the representative from DeitY. Shri Bedi highlighted that the final recommendations for 
Standards adequately addressed these comments. 
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Based §f] e tW$' following 

decisions were taken: 

• The EHR Standards 2016 recommended by the Committee may be notified. 

• Workshops on EHR Standards may organized at regional level especially 
focusing on individual practitioners and small scale healthcare service providers 
for adoption of standards by them. iNRC Team at CDAC Pune to work on this. 

• NIC Team at Agartala managing eHospital should be trained in SNOMED CT at 
the earliest. iNRC Team at CDAC Pune to work on this. 

• eGov. Division to hold meeting with CDSCO regarding building Drug Master 
Database. 

• eGov. Division to hold discussion(s) with government agencies like CGHS, 
ESIC etc. and private insurance sector to evaluate and work out mechanism for 
implicitly mandating EHR Standards in Health IT Systems. 

• Implementation of SNOMED CT in select Public Health IT Systems may be 
taken up so that data reporting and analytics could be improved in such IT 
Systems especially of large scale. For this purpose, Mother & Child Tracking 
System (MCTS) may be considered initially. CHI may prepare a detailed 
change management paper and action plan in this regard for discussion with 
NHM and NIC. 

• MDDS for Health may be finalized in alignment with the revised EHR Standards 
2016. 


The meeting ended with vote of thank to the Chair and the participants. 
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Annexure I 

List of participants: 

1. Shri Sunil Sharma, Joint Secretary (eGov), MoHFW 

2. Shri Rajendra Pratap Gupta, Advisor to HFM, MoHFW 

3. Shri Jitendra Arora, Director (eGov), MoHFW 

4. Shri Gaur Sunder, PTO, CDAC- Pune 

5. Shri S. B. Bhattacharya, Head Health Informatics, TCS 

6. Dr. Karanvir Singh, CIO, Apollo Hospitals 

7. Shri B.S. Bedi, Advisor, CDAC, Delhi 

8. Shri Mayank, Scientist C, DeitY 

9. Shri Anirudh Sen, Deputy Director, FICCI 

10. Prof. S. N. Sarbadhikari, Project Director (CHI) 

11. Shri Amit Mishra, Senior Consultant, NHSRC 

12. Shri D.K Jain, Director, CDAC-Mohali 

13. Dr. Sanjay Sood, Head Health Informatics, CDAC-Mohali 
14.Shri Chandrasen, Project Lead (eGov), MoHFW 
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